Commit 71034c85 authored Aug 22, 2024 by Santosh Committed by Santosh Sakore Aug 27, 2024

adsprpc: Handle UAF scenario in put_args



Currently, the DSP updates header buffers with unused DMA handle fds.
In the put_args section, if any DMA handle FDs are present in the
header buffer, the corresponding map is freed. However, since the
header buffer is exposed to users in unsigned PD, users can update
invalid FDs. If this invalid FD matches with any FD that is already
in use, it could lead to a use-after-free (UAF) vulnerability.
As a solution,add DMA handle references for DMA FDs, and the map for
the FD will be freed only when a reference is found.

Acked-by: Om Deore <quic_odeore@quicinc.com>
Change-Id: I3c2614451f7b3717236708ee5e9b88f16f6e435d
Signed-off-by: Santosh <quic_ssakore@quicinc.com>

parent 09012c0a

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 98bae7fa
· Nov 05, 2025

mentioned in commit 98bae7fa

mentioned in commit 98bae7fa8b9505911ea69e3c00232e359abe6233

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit be6d4fb1
· Nov 05, 2025

mentioned in commit be6d4fb1

mentioned in commit be6d4fb10c736ed443db9a11ce76b5d25116caa9

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 1b490112
· Nov 05, 2025

mentioned in commit 1b490112

mentioned in commit 1b490112454b7cc730f59289584093fec1f3a167

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 9fceddef
· Nov 05, 2025

mentioned in commit 9fceddef

mentioned in commit 9fceddef79ffb99c7c30a135d970a18e1e989534

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 724c13e0
· Nov 05, 2025

mentioned in commit 724c13e0

mentioned in commit 724c13e03701a7f3acce871132723bf4ad903e41

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 18c29b2e
· Nov 05, 2025

mentioned in commit 18c29b2e

mentioned in commit 18c29b2ed159f8e449c2fa582b055171e30db9c2

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit eb0d5e83
· Nov 05, 2025

mentioned in commit eb0d5e83

mentioned in commit eb0d5e83a8cb0665ce6ce887e74c38447445fab3

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 2354cfca
· Nov 05, 2025

mentioned in commit 2354cfca

mentioned in commit 2354cfcadab9d51f12f85ef082f5e5c69807c5a3

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 3e206c9f
· Nov 05, 2025

mentioned in commit 3e206c9f

mentioned in commit 3e206c9fef231382a1055c16f0bd57cca8b60cc8

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 50acf2fb
· Nov 05, 2025

mentioned in commit 50acf2fb

mentioned in commit 50acf2fb418d2a099d3a1efe4a41d5c8fa33cef1

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit ebeda931
· Nov 05, 2025

mentioned in commit ebeda931

mentioned in commit ebeda931b5cd4e6a8affa232ab91ff48e2df8fc8

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit 25aa4c7e
· Nov 05, 2025

mentioned in commit 25aa4c7e

mentioned in commit 25aa4c7e79b9a26bf04feb8bb5a4b50f70ba79aa

Toggle commit list

Please to comment