0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2

Currently, the DSP updates header buffers with unused DMA handle fds. In the put_args section, if any DMA handle FDs are present in the header buffer, the corresponding map is freed. However, since the header buffer is exposed to users in unsigned PD, users can update invalid FDs. If this invalid FD matches with any FD that is already in use, it could lead to a use-after-free (UAF) vulnerability. As a solution, add DMA handle references for DMA FDs, and the map for the FD will be freed only when a reference is found.

Change-Id: Ie4d19dc0ef0ebdda5ed2fe6f7b64598ef661a63f
Signed-off-by: quic_anane <quic_anane@quicinc.com>
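The check described in the commit message, as an added user-space model that is not part of the commit or the driver: an fd read back from the user-writable header buffer frees a map only if a DMA handle reference was recorded for it. All names (`struct ctx`, `dma_ref_add`, `dma_ref_take`, `put_args_free`) are hypothetical, and recording the reference when the caller supplies the handle is an assumption.

```c
/* Added illustration: user-space model, not driver code; names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

#define MAX_SLOTS 4

struct map { int fd; bool live; };
struct ctx {
    struct map maps[MAX_SLOTS]; /* maps owned by the process */
    int refs[MAX_SLOTS];        /* fds the caller passed as DMA handles */
    size_t nrefs;
};

/* Assumption: a reference is recorded when the caller supplies a DMA handle fd. */
static bool dma_ref_add(struct ctx *c, int fd)
{
    if (c->nrefs == MAX_SLOTS)
        return false;
    c->refs[c->nrefs++] = fd;
    return true;
}

/* Consume one reference; false means fd was never passed as a DMA handle. */
static bool dma_ref_take(struct ctx *c, int fd)
{
    for (size_t i = 0; i < c->nrefs; i++)
        if (c->refs[i] == fd) {
            c->refs[i] = c->refs[--c->nrefs];
            return true;
        }
    return false;
}

/* hdr_fds models the user-writable header buffer (untrusted); returns maps freed. */
static int put_args_free(struct ctx *c, const int *hdr_fds, size_t n)
{
    int freed = 0;
    for (size_t i = 0; i < n; i++) {
        if (!dma_ref_take(c, hdr_fds[i]))
            continue; /* no reference recorded: leave the map alone */
        for (size_t m = 0; m < MAX_SLOTS; m++)
            if (c->maps[m].live && c->maps[m].fd == hdr_fds[i]) {
                c->maps[m].live = false; /* stands in for freeing the map */
                freed++;
                break;
            }
    }
    return freed;
}
```

Because each reference is consumed on use, a header that repeats the same fd also cannot trigger a second free of that map.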
Languages: C 98.7%, C++ 0.9%, Makefile 0.3%, Starlark 0.1%