On Thu, Jan 07, 2016 at 08:38:04AM -0800, Peter Hurley wrote:
> On 01/07/2016 08:14 AM, Greg Kroah-Hartman wrote:
> > Adding Peter and linux-serial to the list here, as Peter has been doing
> > a ton of work in this area...
> >
> > Peter, does this seem sane with the tty locking rules?
> >
> > th
On Thu, Jan 07, 2016 at 03:58:00PM +0100, Mateusz Guzik wrote:
> When the line discipline is being changed, the old one is freed.
> However, the handler for TIOCGETD would dereference it without taking
> any locks, in effect possibly reading freed memory.
>
> Line discipline changes are protected
When the line discipline is being changed, the old one is freed.
However, the handler for TIOCGETD would dereference it without taking
any locks, in effect possibly reading freed memory.
Line discipline changes are protected with tty lock. Use it on reader
side as well.
CVE: CVE-2016-0723
Found-b