zram: fix potential UAF of zram table · tjh.dev/kernel@212fe1c

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

zram: fix potential UAF of zram table

If zram_meta_alloc failed early, it frees allocated zram->table without
setting it NULL. Which will potentially cause zram_meta_free to access
the table if user reset an failed and uninitialized device.

Link: https://lkml.kernel.org/r/20250107065446.86928-1-ryncsn@gmail.com
Fixes: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device")
Signed-off-by: Kairui Song <kasong@tencent.com>
Reviewed-by: Sergey Senozhatsky <senozhatsky@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Kairui Song and committed by

Andrew Morton 1 year ago 212fe1c0 a32bf5bb

1 changed file

expand all

drivers

block

zram

zram_drv.c

drivers/block/zram/zram_drv.c

··· 1468 1468 zram->mem_pool = zs_create_pool(zram->disk->disk_name); 1469 1469 if (!zram->mem_pool) { 1470 1470 vfree(zram->table); 1471 + zram->table = NULL; 1471 1472 return false; 1472 1473 } 1473 1474