lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20240421030606.80385-1-aha310510@gmail.com>
Date: Sun, 21 Apr 2024 12:06:06 +0900
From: Jeongjun Park <aha310510@...il.com>
To: mst@...hat.com
Cc: jasowang@...hat.com,
	kvm@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	sgarzare@...hat.com,
	stefanha@...hat.com,
	syzbot+6c21aeb59d0e82eb2782@...kaller.appspotmail.com,
	syzkaller-bugs@...glegroups.com,
	virtualization@...ts.linux.dev
Subject: Re: [PATCH virt] virt: fix uninit-value in vhost_vsock_dev_open

static bool vhost_transport_seqpacket_allow(u32 remote_cid)
{
...
	vsock = vhost_vsock_get(remote_cid);

	if (vsock)
		seqpacket_allow = vsock->seqpacket_allow;
...
}

I think this is due to reading a previously created uninitialized 
vsock->seqpacket_allow inside vhost_transport_seqpacket_allow(), 
which is executed by the function pointer present in the if statement.

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ