Details

Issue of the Implementation # L0176

Brief

sm501fb: don't return zero on failure path in sm501fb_probe()

Detailed Description

If no framebuffers are found, sm501fb_probe() aborts initialization and deallocates sm501fb_info, but still returns zero. Because a zero return signals a successful probe, the device stays bound to the driver, and a use-after-free can then happen in sm501fb_remove().
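
The failure mode described above, as an added user-space model that is not the kernel driver's code: it shows why a zero return after freeing state leaves remove() with a dangling pointer, and how a negative return prevents it. The names `fb_info_model`, `device_model`, `probe_model`, `remove_would_use_freed` and the `-ENODEV` error code are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical, not kernel code. */
struct fb_info_model { int nr_framebuffers; };

struct device_model {
    struct fb_info_model *drvdata; /* what remove() would dereference */
    bool drvdata_freed;            /* tracks the free instead of touching memory */
    bool bound;                    /* the core calls remove() only when bound */
};

/* Probe that finds no framebuffers and frees its state on the error path.
 * fixed == false models the bug (returns 0); true models the fix. */
static int probe_model(struct device_model *dev, bool fixed)
{
    int ret = 0;
    struct fb_info_model *info = calloc(1, sizeof(*info));
    if (!info)
        return -ENOMEM;
    dev->drvdata = info;
    dev->drvdata_freed = false;

    if (info->nr_framebuffers == 0) {   /* no framebuffers found */
        if (fixed)
            ret = -ENODEV;              /* assumed error code for this model */
        free(info);
        dev->drvdata_freed = true;      /* dev->drvdata now dangles */
    }
    return ret;
}

/* Mimics the driver core: a zero return from probe means "bound". */
static bool remove_would_use_freed(bool fixed)
{
    struct device_model dev = {0};
    dev.bound = (probe_model(&dev, fixed) == 0);
    /* remove() runs only for bound devices and would read dev.drvdata. */
    return dev.bound && dev.drvdata_freed;
}

int main(void)
{
    printf("buggy probe: remove uses freed state = %d\n", remove_would_use_freed(false));
    printf("fixed probe: remove uses freed state = %d\n", remove_would_use_freed(true));
    return 0;
}
```

The model records the free in a flag rather than dereferencing the stale pointer, so it runs cleanly under a sanitizer while still showing which return value leads to the hazard.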

Component

linux-kernel 3.18

Accepted

https://www.marc.info/?l=linux-kernel&m=141479528508209&w=2
commit

Status

Fixed in kernel 3.19-rc1
