Re: [PATCH] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

2022-07-11 Thread Mauro Matteo Cascella
Hi Alexander,

Thanks for the reproducer! It looks like ABORT, CLEAR QUEUE and BUS DEVICE RESET messages can all cancel the current request, so yes I guess a similar change is needed there, too. Will try to send a v2 soon.

Best regards.

On Sat, Jul 9, 2022 at 2:22 AM Alexander Bulekov wrote:
>

Re: [PATCH] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

2022-07-08 Thread Alexander Bulekov
On 220705 2205, Mauro Matteo Cascella wrote:
> Set current_req->req to NULL to prevent reusing a free'd buffer in case of
> repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.
>
> Fixes: CVE-2022-0216
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
>

Re: [PATCH] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

2022-07-06 Thread Paolo Bonzini
Queued, thanks. Paolo

Re: [PATCH] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

2022-07-06 Thread Thomas Huth
On 05/07/2022 22.05, Mauro Matteo Cascella wrote:

Set current_req->req to NULL to prevent reusing a free'd buffer in case of repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972

[PATCH] scsi/lsi53c895a: fix use-after-free in lsi_do_msgout (CVE-2022-0216)

2022-07-05 Thread Mauro Matteo Cascella
Set current_req->req to NULL to prevent reusing a free'd buffer in case of repeated SCSI cancel requests. Thanks to Thomas Huth for suggesting the patch.

Fixes: CVE-2022-0216
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/972
Signed-off-by: Mauro Matteo Cascella
---