| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Oct 2018 14:06:23 -0600
From: Shuah Khan <shuah@...nel.org>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc: Valentina Manea <valentina.manea.m@...il.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
linux-usb@...r.kernel.org,
syzbot+600b03e0cf1b73bb23c4@...kaller.appspotmail.com,
Stable <stable@...r.kernel.org>, Shuah Khan <shuah@...nel.org>
Subject: Re: [PATCH] usbip: vhci_hcd: check port number before using
On 10/08/2018 02:01 PM, Sudip Mukherjee wrote:
> On Mon, Oct 8, 2018 at 8:29 PM Shuah Khan <shuah@...nel.org> wrote:
>>
>> Hi Sudip,
>>
>> On 10/08/2018 01:19 PM, Sudip Mukherjee wrote:
>>> From: Sudip Mukherjee <sudipm.mukherjee@...il.com>
>>>
>>> The port number is checked and it just prints an error message but it
>>> still continues to use the invalid port. And as a result it accesses
>>> memory which is not its resulting in BUG report from KASAN.
>>
>> Yes there is an issue with out of bounds access. But this isn't the
>> right fix.
>>
>>>
>>> Reported-by: syzbot+600b03e0cf1b73bb23c4@...kaller.appspotmail.com
>>> Cc: stable <stable@...r.kernel.org>
>>> Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@...il.com>
>>
>> I sent in a fix for this last Friday.
>>
>> https://patchwork.kernel.org/patch/10628833/
>
> And I can confirm this patch also fixes the issue tested with the
> reproducer I was using in my vm.
>
>
Great Thanks for testing the patch.
thanks,
-- Shuah
Powered by blists - more mailing lists