lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 3 Jun 2021 20:36:40 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     SyzScope <syzscope@...il.com>
Cc:     syzbot <syzbot+305a91e025a73e4fd6ce@...kaller.appspotmail.com>,
        davem@...emloft.net, johan.hedberg@...il.com, kuba@...nel.org,
        linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
        marcel@...tmann.org, netdev@...r.kernel.org,
        syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in hci_chan_del

On Thu, Jun 03, 2021 at 11:30:08AM -0700, SyzScope wrote:
> Hi developers,
> 
> Besides the control flow hijacking primitive we sent before, we managed to
> discover an additional double free primitive in this bug, making this bug
> even more dangerous.
> 
> We created a web page with detailed descriptions: https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_chan_del
> 
> We understand that creating a patch can be time-consuming and there is
> probably a long list of bugs pending fixes. We hope that our security
> analysis can enable an informed decision on which bugs to fix first
> (prioritization).
> 
> Since the bug has been on syzbot for over ten months (first found on
> 08-03-2020 and still can be triggered on 05-08-2021), it is best to have the
> bug fixed early enough to avoid it being weaponized.

Wonderful, please help out by sending a fix for this.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ