From 299d7572e46f98534033a9e65973f13ad1ce9047 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan@kernel.org>
Date: Wed, 4 Oct 2017 11:01:13 +0200
Subject: [PATCH] USB: serial: console: fix use-after-free after failed setup
Git-commit: 299d7572e46f98534033a9e65973f13ad1ce9047
Patch-mainline: v4.14-rc5
References: bsc#1066618 CVE-2017-16525
Make sure to reset the USB-console port pointer when console setup fails
in order to avoid having the struct usb_serial be prematurely freed by
the console code when the device is later disconnected.
Fixes: 73e487fdb75f ("[PATCH] USB console: fix disconnection issues")
Cc: stable <stable@vger.kernel.org> # 2.6.18
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
---
drivers/usb/serial/console.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/usb/serial/console.c
+++ b/drivers/usb/serial/console.c
@@ -186,6 +186,7 @@ static int usb_console_setup(struct cons
tty_kref_put(tty);
reset_open_count:
port->port.count = 0;
+ info->port = NULL;
usb_autopm_put_interface(serial->interface);
error_get_interface:
usb_serial_put(serial);