Message-Id: <20240119130141.2160-1-hdanton@sina.com>
Date: Fri, 19 Jan 2024 21:01:41 +0800
From: Hillf Danton <hdanton@...a.com>
To: Ubisectech Sirius <bugreport@...sectech.com>
Cc: Eric Dumazet <edumazet@...gle.com>,
	Shigeru Yoshida <syoshida@...hat.com>,
	Suman Ghosh <sumang@...vell.com>,
	linux-kernel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: BUG: unable to handle kernel paging request in __skb_flow_dissect

On Wed, 17 Jan 2024 15:32:28 +0800 Ubisectech Sirius <bugreport@...sectech.com>
> Hello.
> We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec.
> Recently, our team has discovered an issue in Linux kernel 6.7.0-g052d534373b7.
> Attached to the email was a POC file of the issue.
> Stack dump:
> [ 185.664167][ T8332] BUG: unable to handle page fault for address: ffffed1029c40001
> [ 185.665134][ T8332] #PF: supervisor read access in kernel mode
> [ 185.665877][ T8332] #PF: error_code(0x0000) - not-present page
> [ 185.666481][ T8332] PGD 7ffd0067 P4D 7ffd0067 PUD 3fff5067 PMD 0
> [ 185.667129][ T8332] Oops: 0000 [#1] PREEMPT SMP KASAN
> [ 185.667719][ T8332] CPU: 1 PID: 8332 Comm: poc Not tainted 6.7.0-g052d534373b7 #19
> [ 185.668641][ T8332] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
> [ 185.669639][ T8332] RIP: 0010:__skb_flow_dissect (net/core/flow_dissector.c:1170 (discriminator 1))

Looks like the syzbot report [1] on 01 Jan 2024, and decoding the test
result of a debug patch [2] is welcome.

Hillf

[1] https://lore.kernel.org/lkml/000000000000498a02060de59162@google.com/
[2] https://lore.kernel.org/lkml/00000000000078d073060f4b51e7@google.com/
