| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 May 2020 11:34:46 -0700
From: Divya Indi <divya.indi@...cle.com>
To: linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org,
Jason Gunthorpe <jgg@...pe.ca>, Kaike Wan <kaike.wan@...el.com>
Cc: Gerd Rausch <gerd.rausch@...cle.com>,
HÃ¥kon Bugge <haakon.bugge@...cle.com>,
Srinivas Eeda <srinivas.eeda@...cle.com>,
Rama Nichanamatlu <rama.nichanamatlu@...cle.com>,
Doug Ledford <dledford@...hat.com>
Subject: Resolving use-after-free in ib_nl_send_msg
[PATCH] IB/sa: Resolving use-after-free in ib_nl_send_msg.
Hi,
This patch is in reply to -
https://lkml.org/lkml/2020/4/24/1076
We have a use-after-free possibility in the ibacm code path -
when the timer(ib_nl_request_timeout) kicks in before ib_nl_snd_msg
has completed sending the query out to ibacm via netlink. The timeout
handler ie ib_nl_request_timeout may result in releasing the query while
ib_nl_snd_msg is still accessing query.
Since the issue appears to be specific to the ibacm code path, we are
trying to resolve it for the life cycle of sa_query in the ibacm code path.
Please review the proposed fix ie the patch that follows.
Would appreciate your thoughts and feedback on the same.
Let me know if you have any questions!
Thanks,
Divya
Powered by blists - more mailing lists