[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <ffc826fe-4753-4e7b-92aa-080f58b73c39@rowland.harvard.edu>
Date: Tue, 6 Aug 2024 14:36:47 -0400
From: Alan Stern <stern@...land.harvard.edu>
To: color Ice <wirelessdonghack@...il.com>
Cc: gregkh@...uxfoundation.org, kvalo@...nel.org,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
linux-wireless@...r.kernel.org, mark.esler@...onical.com,
stf_xl@...pl
Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer
Dereference&Use-After-Free Vulnerability
On Wed, Aug 07, 2024 at 12:47:26AM +0800, color Ice wrote:
> Hi,
>
> I'm glad that you can address this issue. I believe that this is indeed a
> vulnerability because the issue is caused by the rt2x00 driver's failure to
> properly shut down its async queues. While it requires sudo to execute, it
> is still a problem as it can trigger a kernel system exception. We can
> imagine that this vulnerability could be executed without root permissions
> in certain scenarios. For instance, in many embedded systems, configuring
> udev rules might be necessary to ensure automated operations, and in such
> scenarios, it can be triggered without root permissions.
>
> Therefore, I believe that from a vulnerability perspective, it should
> indeed be eligible for a CVE, as it can be fixed and it is indeed a flaw.
> If this vulnerability is not addressed, future driver processing and
> adaptation may encounter robustness and security issues. I believe security
> issues should be handled with the corresponding seriousness.
>
> Thank you.
You didn't answer my question. Are you able to test patches?
Alan Stern
Powered by blists - more mailing lists