| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Nov 2023 06:33:09 -0800 From: syzbot <syzbot+bbe84a4010eeea00982d@...kaller.appspotmail.com> To: linux-kernel@...r.kernel.org Subject: Re: [syzbot] [PATCH] Test for aea6bf908d73 For archival purposes, forwarding an incoming command email to linux-kernel@...r.kernel.org. *** Subject: [PATCH] Test for aea6bf908d73 Author: eadavis@...com please test uaf in nfc_alloc_send_skb #syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git aea6bf908d73 >From d6bab181339771591ed9519dced29a8eb20ddadc Mon Sep 17 00:00:00 2001 From: Lizhi Xu <lizhi.xu@...driver.com> Date: Thu, 9 Nov 2023 21:31:26 +0800 Subject: [PATCH] nfc/nci: fix uaf in nfc_alloc_send_skb After releasing the nfc/nci device, nfc_llcp_sock->local should be set to null to avoid referencing expired devices. Signed-off-by: Lizhi Xu <lizhi.xu@...driver.com> --- net/nfc/llcp_core.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c index 1dac28136e6a..024cbba26fc8 100644 --- a/net/nfc/llcp_core.c +++ b/net/nfc/llcp_core.c @@ -102,6 +102,7 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, accept_sk->sk_state_change(sk); bh_unlock_sock(accept_sk); + lsk->local = NULL; } } @@ -113,6 +114,7 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, bh_unlock_sock(sk); sk_del_node_init(sk); + llcp_sock->local = NULL; } write_unlock(&local->sockets.lock); -- 2.25.1
Powered by blists - more mailing lists