lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1588756482.13662.20.camel@suse.com>
Date:   Wed, 06 May 2020 11:14:42 +0200
From:   Oliver Neukum <oneukum@...e.com>
To:     Alan Stern <stern@...land.harvard.edu>
Cc:     syzbot <syzbot+be5b5f86a162a6c281e6@...kaller.appspotmail.com>,
        andreyknvl@...gle.com, gregkh@...uxfoundation.org,
        linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
        syzkaller-bugs@...glegroups.com, zaitcev@...hat.com
Subject: Re: KASAN: use-after-free Read in usblp_bulk_read

Am Donnerstag, den 30.04.2020, 11:11 -0400 schrieb Alan Stern:

> KASAN is documented.  The difficulty is that this race is obviously 
> hard to trigger, and without the ability to reproduce it we can't run 
> diagnostics to find the underlying cause.
> 
> We can't even ask syzbot to try running tests for us; without a valid 
> reproducer it won't agree to rerun the original test program.


Very well. We are not going to find it without exceptional luck. Yet
there may be a real issue, too. We simply do not know. How about the
attached patch?

	Regards
		Oliver



View attachment "0001-usblp-poison-URBs-upon-disconnect.patch" of type "text/x-patch" (1239 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ