Message-ID: <CAD-N9QVVKUDFKMSxUc-smcz0B_7PrjN3DPku+cDM3ZKDn0XLBA@mail.gmail.com>
Date:   Tue, 21 Jun 2022 22:36:04 +0800
From:   Dongliang Mu <mudongliangabcd@...il.com>
To:     vireshk@...nel.org, Johan Hovold <johan@...nel.org>,
        elder@...nel.org, Greg KH <gregkh@...uxfoundation.org>
Cc:     greybus-dev@...ts.linaro.org, linux-staging@...ts.linux.dev,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Uninitialized Variable and Null Pointer Dereference bug in gb_bootrom_get_firmware

Hi maintainers,

I would like to send one bug report.

In gb_bootrom_get_firmware, if the first branch is satisfied, it will
go to queue_work, leading to the dereference of the uninitialized const
variable "fw". If the second branch is satisfied, it will go to unlock
with fw as a NULL pointer, leading to a NULL Pointer Dereference.

The Fixes commit should be [1], introducing the dereference of "fw" in
the error handling code.

I am not sure how to fix this bug. Any comment on removing the
dereference of fw?

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4293e1d4e6416477976ee3bd248589d3fc4bb19

--
My best regards to you.

     No System Is Safe!
     Dongliang Mu
