* [PATCH next] firmware: imx: fix use after free in init_device_context()
@ 2026-05-19 6:13 Dan Carpenter
From: Dan Carpenter @ 2026-05-19 6:13 UTC
To: Pankaj Gupta
Cc: Frank Li, Sascha Hauer, Pengutronix Kernel Team, Fabio Estevam,
Frieder Schrempf, imx, linux-arm-kernel, linux-kernel,
kernel-janitors
Add a missing return statement on the error path. Otherwise we have a
use after free when it dereferences "dev_ctx" on the next line.
Fixes: 63536a73a3bb ("firmware: drivers: imx: adds miscdev")
Signed-off-by: Dan Carpenter <error27@gmail.com>
---
This was in the original fix but I guess there was a merge problem.
https://lore.kernel.org/all/20260514090457.2186933-1-pankaj.gupta@nxp.com/
drivers/firmware/imx/se_ctrl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/firmware/imx/se_ctrl.c b/drivers/firmware/imx/se_ctrl.c
index 9327d47e4312..010af8221dfe 100644
--- a/drivers/firmware/imx/se_ctrl.c
+++ b/drivers/firmware/imx/se_ctrl.c
@@ -486,6 +486,7 @@ static int init_device_context(struct se_if_priv *priv, int ch_id,
kfree(dev_ctx->devname);
kfree(dev_ctx);
*new_dev_ctx = NULL;
+ return ret;
}
list_add_tail(&dev_ctx->link, &priv->dev_ctx_list);
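Review bot: The added "return ret;" at the end of the error block depends on "ret" holding a negative errno there, and the assignment to "ret" is outside the visible context. Please confirm no path enters this block with ret == 0, since the caller would then see success while "*new_dev_ctx" has been set to NULL. With the return in place, list_add_tail(&dev_ctx->link, ...) is no longer reached after kfree(dev_ctx), which matches the commit message. Because the note under the "---" says this line was lost from the original fix in a merge, consider moving the two kfree() calls, the NULL assignment and the return under a single error label so the unwind cannot be separated from the return again.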
--
2.53.0