[PATCH] vboxguest: check for private_data before trying to close it.

Young Xiao Tue, 28 May 2019 05:46:15 -0700

vbg_misc_device_close doesn't check that filp->private_data is non-NULL
before trying to close_session, where vbg_core_close_session uses pointer
session whithout checking, too. That can cause an oops in certain error
conditions that can occur on open or lookup before the private_data is set.


This vulnerability is similar to CVE-2011-1771.

Signed-off-by: Young Xiao <92siuy...@gmail.com>
---
 drivers/virt/vboxguest/vboxguest_linux.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/virt/vboxguest/vboxguest_linux.c 
b/drivers/virt/vboxguest/vboxguest_linux.c
index 6e8c0f1..b03c16f 100644
--- a/drivers/virt/vboxguest/vboxguest_linux.c
+++ b/drivers/virt/vboxguest/vboxguest_linux.c
@@ -88,8 +88,10 @@ static int vbg_misc_device_user_open(struct inode *inode, 
struct file *filp)
  */
 static int vbg_misc_device_close(struct inode *inode, struct file *filp)
 {
-       vbg_core_close_session(filp->private_data);
-       filp->private_data = NULL;
+       if (file->private_data != NULL) {
+               vbg_core_close_session(filp->private_data);
+               filp->private_data = NULL;
+       }
        return 0;
 }
 
-- 
2.7.4

[PATCH] vboxguest: check for private_data before trying to close it.

Reply via email to