lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YynnT7/mnzJVn7iz@kroah.com>
Date:   Tue, 20 Sep 2022 18:16:15 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Rondreis <linhaoguo86@...il.com>
Cc:     linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
        johan@...nel.org
Subject: Re: KASAN: use-after-free Write in keyspan_close

On Tue, Sep 20, 2022 at 10:47:37PM +0800, Rondreis wrote:
> Hello,
> 
> When fuzzing the Linux kernel driver v6.0-rc6, the following crash was
> triggered.
> 
> HEAD commit: 521a547ced6477c54b4b0cc206000406c221b4d6
> git tree: upstream
> 
> kernel config: https://pastebin.com/raw/hekxU61F
> console output: https://pastebin.com/raw/gvADdA0t
> 
> Sorry for failing to extract the reproducer. But on other versions of
> Linux, I also triggered this crash.
> 
> I would appreciate it if you have any idea how to solve this bug.

Are you hitting this with a real keyspan device, or is this a "fake"
one?

if a fake one, what type of fake data are you sending the driver?  Are
the configuration options correct, and you are giving it bad data, or
something else?

Fuzzing on invalid USB data for drivers is the next "boundry" to start
working on, so far we have only handed invalid configuration information
fairly well, so patches to work on this next layer are always
appreciated if you consider USB data to now be considered "hostile" and
not trustable.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ