lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 05 Sep 2023 07:22:26 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: davem@...emloft.net, kuba@...nel.org, edumazet@...gle.com,
 pabeni@...hat.com, jiri@...nulli.us, xiyou.wangcong@...il.com,
 netdev@...r.kernel.org, sec@...is.email, paolo.valente@...more.it
Subject: Re: [PATCH net 1/1] net: sched: sch_qfq: Fix UAF in qfq_dequeue()

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@...hat.com>:

On Fri,  1 Sep 2023 12:22:37 -0400 you wrote:
> From: valis <sec@...is.email>
> 
> When the plug qdisc is used as a class of the qfq qdisc it could trigger a
> UAF. This issue can be reproduced with following commands:
> 
>   tc qdisc add dev lo root handle 1: qfq
>   tc class add dev lo parent 1: classid 1:1 qfq weight 1 maxpkt 512
>   tc qdisc add dev lo parent 1:1 handle 2: plug
>   tc filter add dev lo parent 1: basic classid 1:1
>   ping -c1 127.0.0.1
> 
> [...]

Here is the summary with links:
  - [net,1/1] net: sched: sch_qfq: Fix UAF in qfq_dequeue()
    https://git.kernel.org/netdev/net/c/8fc134fee27f

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ