On Fri, 20 Nov 2020 15:48:50 +0800
Qinglang Miao wrote:
> kfree(cdev) is called in put_device in the error branch. So that
> device_unlock(&cdev->dev) would raise a use-after-free bug. In fact,
> there's no need to call device_unlock after put_device.
>
> Fix it by adding simply return after put
kfree(cdev) is called in put_device in the error branch. So that
device_unlock(&cdev->dev) would raise a use-after-free bug. In fact,
there's no need to call device_unlock after put_device.
Fix it by adding simply return after put_device.
Fixes: a6ef15652d26 ("s390/cio: fix use after free in cmb