Please sign in to comment.
KVM: use after free in kvm_ioctl_create_device()
We should move the ops->destroy(dev) after the list_del(&dev->vm_node) so that we don't use "dev" after freeing it. Fixes: a28ebea ("KVM: Protect device ops->create and list_add with kvm->lock") Signed-off-by: Dan Carpenter <email@example.com> Reviewed-by: David Hildenbrand <firstname.lastname@example.org> Signed-off-by: Radim Krčmář <email@example.com>
- Loading branch information...