References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix use-after-free in iris_release_internal_buffers()

The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy
internal buffers after FW releases") introduced a regression where
session_release_buf() may free the buffer. The caller,
iris_release_internal_buffers(), continued to access `buffer` after the
call, leading to a potential use-after-free.

Fix this by setting BUF_ATTR_PENDING_RELEASE before calling
session_release_buf(), and reverting the flag if the call fails. This
ensures no dereference occurs after potential freeing.

https://git.kernel.org/stable/c/18c64439f249859b6140f7bf8bcf95c8ed841f28

https://git.kernel.org/stable/c/dd24998a4a4016fb9921916024399bd80f0d45c6

https://git.kernel.org/stable/c/f27cfdcfc916bb59297825805f4c3499f89f9e76