| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ffc826fe-4753-4e7b-92aa-080f58b73c39@rowland.harvard.edu> Date: Tue, 6 Aug 2024 14:36:47 -0400 From: Alan Stern <stern@...land.harvard.edu> To: color Ice <wirelessdonghack@...il.com> Cc: gregkh@...uxfoundation.org, kvalo@...nel.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, linux-wireless@...r.kernel.org, mark.esler@...onical.com, stf_xl@...pl Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability On Wed, Aug 07, 2024 at 12:47:26AM +0800, color Ice wrote: > Hi, > > I'm glad that you can address this issue. I believe that this is indeed a > vulnerability because the issue is caused by the rt2x00 driver's failure to > properly shut down its async queues. While it requires sudo to execute, it > is still a problem as it can trigger a kernel system exception. We can > imagine that this vulnerability could be executed without root permissions > in certain scenarios. For instance, in many embedded systems, configuring > udev rules might be necessary to ensure automated operations, and in such > scenarios, it can be triggered without root permissions. > > Therefore, I believe that from a vulnerability perspective, it should > indeed be eligible for a CVE, as it can be fixed and it is indeed a flaw. > If this vulnerability is not addressed, future driver processing and > adaptation may encounter robustness and security issues. I believe security > issues should be handled with the corresponding seriousness. > > Thank you. You didn't answer my question. Are you able to test patches? Alan Stern
Powered by blists - more mailing lists