lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 21 Nov 2017 17:27:29 +0100
From:   Takashi Iwai <tiwai@...e.de>
To:     Andrey Konovalov <andreyknvl@...gle.com>
Cc:     Jaroslav Kysela <perex@...ex.cz>, alsa-devel@...a-project.org,
        LKML <linux-kernel@...r.kernel.org>,
        Kostya Serebryany <kcc@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>,
        Dmitry Vyukov <dvyukov@...gle.com>
Subject: Re: [alsa-devel] usb/sound: use-after-free in __uac_clock_find_source

On Tue, 21 Nov 2017 14:52:00 +0100,
Andrey Konovalov wrote:
> 
> Hi!
> 
> I've got the following report while fuzzing the kernel with syzkaller.
> 
> On commit e1d1ea549b57790a3d8cf6300e6ef86118d692a3 (4.15-rc1).
> 
> This actually looks more like an out-of-bounds with large offset than
> a use-after-free due to unrelated alloc and free stack traces.

Yes, similar as the previous report, but at this time, it's about the
clock selector stuff.  Will provide the fix patch, too.


thanks,

Takashi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ