lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Sep 2022 12:56:44 -0400 From: "Martin K. Petersen" <martin.petersen@...cle.com> To: Duoming Zhou <duoming@....edu.cn> Cc: linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org, jejb@...ux.ibm.com, martin.petersen@...cle.com, kuba@...nel.org, john.garry@...wei.com, gregkh@...uxfoundation.org, davem@...emloft.net Subject: Re: [PATCH] scsi: libsas: fix use-after-free bug in smp_execute_task_sg Duoming, > When executing SMP task failed, the smp_execute_task_sg() calls > del_timer() to delete the "slow_task->timer". However, if the timer > handler sas_task_internal_timedout() is running, the del_timer() in > smp_execute_task_sg() will not stop it and the UAF bug will happen. Applied to 6.1/scsi-staging, thanks! -- Martin K. Petersen Oracle Linux Engineering
Powered by blists - more mailing lists