lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Mar 2022 09:01:18 -0700 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Dmitry Vyukov <dvyukov@...gle.com> Cc: syzbot <syzbot+3f1ca6a6fec34d601788@...kaller.appspotmail.com>, Andrey Konovalov <andreyknvl@...gle.com>, ath9k-devel@....qualcomm.com, chouhan.shreyansh630@...il.com, David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Kalle Valo <kvalo@...eaurora.org>, Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, "open list:USB GADGET/PERIPHERAL SUBSYSTEM" <linux-usb@...r.kernel.org>, linux-wireless <linux-wireless@...r.kernel.org>, Masahiro Yamada <masahiroy@...nel.org>, Michal Marek <michal.lkml@...kovi.net>, Nick Desaulniers <ndesaulniers@...gle.com>, Netdev <netdev@...r.kernel.org>, syzkaller-bugs <syzkaller-bugs@...glegroups.com>, Zekun Shen <bruceshenzk@...il.com> Subject: Re: [syzbot] KASAN: out-of-bounds Read in ath9k_hif_usb_rx_cb (3) On Wed, Mar 16, 2022 at 12:45 AM Dmitry Vyukov <dvyukov@...gle.com> wrote: > > But the bug looks to be fixed by something anyway. git log on the file > pretty clearly points to: > > #syz fix: ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream Yeah, that commit 6ce708f54cc8 looks a lot more likely to have any effect on this than my version bump that the syzbot bisection pointed to. But kernels containing that commit still have that run #0: crashed: KASAN: use-after-free Read in ath9k_hif_usb_rx_cb so apparently it isn't actually fully fixed. ;( Linus
Powered by blists - more mailing lists