漏洞链接
https://nvd.nist.gov/vuln/detail/CVE-2017-16525
bugzilla链接
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-16525
patch链接
漏洞分析
漏洞成因
Make sure to reset the USB-console port pointer when console setup fails in order to avoid having the struct usb_serial be prematurely freed by the console code when the device is later disconnected.
由上可知,当console安装失败时,需要重置USB-console接口指针,来避免设备之后失去连接时,usb_serial对象被意外的free,然后被引用,所以需要将其置为null。
patch
该patch的类型为将指针置为null。