git: kernel - Rejigger midistat functions to close a race

Matthew Dillon dillon at
Tue Aug 20 18:53:45 PDT 2019

commit f70430d0e321043abdf733b90d80d93d06155acf
Author: Matthew Dillon <dillon at>
Date:   Tue Aug 20 18:50:59 2019 -0700

    kernel - Rejigger midistat functions to close a race
    * Make sure lock has full coverage across midistat_open() and
      midistat_read().  The temporary drop of the lock in midistat_read()
      lead to a race which allows one to read kernel memory beyond the
      end of the sbuf buffer.
    * Rejigger the code to remove the global offset and just use
      uio_offset, which also fixes the same race (but leave the
      lock coverage in place regardless).
    Taken-From:	FreeBSD
    Security:       CVE-2019-5612

Summary of changes:
 sys/dev/sound/midi/midi.c | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

DragonFly BSD source repository

More information about the Commits mailing list