CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

CKI Backport Botrequested to merge
redhat/red-hat-ci-tools/kernel/bot-branches/centos-stream/src/kernel/centos-stream-9:backport-RHEL-72355-centos-stream-9-main into main

JIRA: https://issues.redhat.com/browse/RHEL-72355
CVE: CVE-2024-53213

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

In lan78xx_probe(), the buffer `buf` was being freed twice: once
implicitly through `usb_free_urb(dev->urb_intr)` with the
`URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused
a double free issue.

To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to
simplify the initialization sequence and removed the redundant
`kfree(buf)`.  Now, `buf` is allocated after `usb_alloc_urb()`, ensuring
it is correctly managed by  `usb_fill_int_urb()` and freed by
`usb_free_urb()` as intended.

Fixes: a6df95cae40b ("lan78xx: Fix memory allocation bug")
Cc: John Efstathiades <john.efstathiades@pebblebay.com>
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://patch.msgid.link/20241116130558.1352230-1-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
(cherry picked from commit 03819abbeb11117dcbba40bfe322b88c0c88a6b6)

Signed-off-by: CKI Backport Bot cki-ci-bot+cki-gitlab-backport-bot@redhat.com

Created 2025-01-14 11:45 UTC by backporter - KWF FAQ - Slack #team-kernel-workflow - Source - Documentation - Report an issue

Merge request reports