lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZJKnqJ7XTvvt8MYM@dhcp22.suse.cz>
Date:   Wed, 21 Jun 2023 09:32:56 +0200
From:   Michal Hocko <mhocko@...e.com>
To:     junfei fang <jefexiaomi@...il.com>
Cc:     andrew.zhu@...iatek.com, colin.peng@...iatek.com,
        wangbiao3@...omi.com, yangjianlong@...omi.com,
        linux-kernel@...r.kernel.org
Subject: Re: kasan cgroup user-after-free in get_mem_cgroup_from_mm

On Wed 21-06-23 10:18:31, junfei fang wrote:
> Thank you for your prompt response.
> 
> We are using kernel-5.15 in our project and cannot change it.

It will be hard to get a community support for such a kernel I am
afraid. Especially when considering the kernel is heavily tainted
> CPU: 0 PID: 6071 Comm: elastic_postChe Tainted: P S      WC OE

by proprietary, out-of-tree modules, pre-existing warnings that might be
related and TAINT_CPU_OUT_OF_SPEC doesn't add much confidence into setup
either.

> Do you have any suggestions on how to fix this issue?

No, not really. From what I can see the report complains about cset
associated with the process' mm. I do not recall any specific bug where
css would be released prematurely. Maybe somebody else who is more
familiar with the cgroup core would know better.

Btw. you should be sending the full UAF report after you have CCed LKML.
-- 
Michal Hocko
SUSE Labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ