From: Oleksij Rempel <o.rempel@pengutronix.de> mainline inclusion from mainline-v5.4-rc7 commit 896daf723c845289a4ea1e68e74a5a5475aa796d category: bugfix bugzilla: 38684 CVE: NA --------------------------- Filters array is coped from user space and linked to the j1939 socket. On socket release this memory was not freed. Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol") Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com> Reviewed-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> --- net/can/j1939/socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/can/j1939/socket.c b/net/can/j1939/socket.c index 5c6eabcb5df1..4d8ba701e15d 100644 --- a/net/can/j1939/socket.c +++ b/net/can/j1939/socket.c @@ -580,6 +580,7 @@ static int j1939_sk_release(struct socket *sock) j1939_netdev_stop(priv); } + kfree(jsk->filters); sock_orphan(sk); sock->sk = NULL; -- 2.25.1