[PATCH] zram: fix potential UAF of zram table - Linux-stable-mirror

7 Jan 2025

From: Kairui Song kasong@tencent.com
If zram_meta_alloc failed early, it frees allocated zram->table without
setting it NULL. Which will potentially cause zram_meta_free to access
the table if user reset an failed and uninitialized device.
Fixes: 74363ec674cb ("zram: fix uninitialized ZRAM not releasing backing device")
Cc: stable@vger.kernel.org
Signed-off-by: Kairui Song kasong@tencent.com
---
 drivers/block/zram/zram_drv.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
index 5b8e4f4171ab..70ecaee25c20 100644
--- a/drivers/block/zram/zram_drv.c
+++ b/drivers/block/zram/zram_drv.c
@@ -1465,6 +1465,7 @@ static bool zram_meta_alloc(struct zram *zram, u64 disksize)
    zram->mem_pool = zs_create_pool(zram->disk->disk_name);
    if (!zram->mem_pool) {
    	vfree(zram->table);
+		zram->table = NULL;
    	return false;
    }
-- 
2.47.1



    