[lvc-project] [PATCH 0/2] most: usb: Fix UAF in hdm_disconnect and put_device() before device initialization in hdm_probe().
Victoria Votokina
Victoria.Votokina at kaspersky.com
Fri Oct 10 13:52:39 MSK 2025
This series fixes two issues in drivers/most/most_usb.c.
- 1/2: hdm_disconnect() raced with device core teardown, leading to a
syzbot-reported KASAN UAF/double-free. Move all mdev-owned frees
into release_mdev() and drop redundant puts in the disconnect path.
- 2/2: early hdm_probe() error path called put_device() before
device_initialize(), triggering a WARN and touching an
uninitialized kobject. Use kfree(mdev) there instead.
Both patches tighten lifetime rules and remove WARN/UAF.
Victoria Votokina (2):
most: usb: Fix use-after-free in hdm_disconnect
most: usb: hdm_probe: Fix calling put_device() before
device initialization
drivers/most/most_usb.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
--
2.30.2
More information about the lvc-project
mailing list