lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 22 Jan 2024 09:59:01 +0800
From: "Ubisectech Sirius" <bugreport@...sectech.com>
To: "linux-trace-kernel" <linux-trace-kernel@...r.kernel.org>,
  "linux-kernel" <linux-kernel@...r.kernel.org>
Cc: "akpm" <akpm@...ux-foundation.org>
Subject: WARNING in depot_fetch_stack

Hello.
We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered a issue in Linux kernel 6.7.0-g052d534373b7. Attached to the email were a POC file of the issue.
Stack dump:
[ 154.711833][ T8003] ------------[ cut here ]------------
[ 154.711851][ T8003] pool index 81727 out of bounds (941) for stack id 3f3f3f3f
[ 154.712204][ T8003] WARNING: CPU: 1 PID: 8003 at lib/stackdepot.c:410 depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[ 154.712267][ T8003] Modules linked in:
[ 154.712284][ T8003] CPU: 1 PID: 8003 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20
[ 154.712302][ T8003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
[ 154.712315][ T8003] RIP: 0010:depot_fetch_stack (lib/stackdepot.c:410 (discriminator 1))
[ 154.712491][ T8003] Call Trace:
[ 154.712496][ T8003] <TASK>
[ 154.712766][ T8003] stack_depot_put (lib/stackdepot.c:632 lib/stackdepot.c:620)
[ 154.712788][ T8003] kasan_release_object_meta (mm/kasan/generic.c:511 mm/kasan/generic.c:543)
[ 154.712807][ T8003] qlist_free_all (./arch/x86/include/asm/jump_label.h:27 mm/kasan/../slab.h:646 mm/kasan/quarantine.c:156 mm/kasan/quarantine.c:176)
[ 154.712823][ T8003] kasan_quarantine_reduce (./include/linux/srcu.h:285 mm/kasan/quarantine.c:284)
[ 154.712843][ T8003] __kasan_slab_alloc (mm/kasan/common.c:326)
[ 154.712867][ T8003] kmalloc_trace (mm/slub.c:3814 mm/slub.c:3860 mm/slub.c:4007)
[ 154.712888][ T8003] bdev_open_by_dev (block/bdev.c:822)
[ 154.712908][ T8003] blkdev_open (block/fops.c:617 (discriminator 4))
[ 154.712926][ T8003] do_dentry_open (fs/open.c:954)
[ 154.712969][ T8003] path_openat (fs/namei.c:3642 fs/namei.c:3798)
[ 154.713068][ T8003] do_filp_open (fs/namei.c:3826)
[ 154.713216][ T8003] do_sys_openat2 (fs/open.c:1405)
[ 154.713306][ T8003] __x64_sys_openat (fs/open.c:1430)
[ 154.713351][ T8003] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 154.713375][ T8003] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[ 154.713396][ T8003] RIP: 0033:0x7f8bc3aa9127
[ 154.713485][ T8003] </TASK>
Thank you for taking the time to read this email and we look forward to working with you further.
 Ubisectech Sirius Team
 Web: www.ubisectech.com
 Email: bugreport@...sectech.com

Content of type "text/html" skipped

Download attachment "横板竖版组合LOGO_画板 1.png" of type "application/octet-stream" (21479 bytes)

Download attachment "poc.c" of type "application/octet-stream" (24370 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ