| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bc57c8b3-4334-4595-8b5a-5233316edcfb@rowland.harvard.edu> Date: Tue, 6 Aug 2024 09:38:46 -0400 From: Alan Stern <stern@...land.harvard.edu> To: LidongLI <wirelessdonghack@...il.com> Cc: gregkh@...uxfoundation.org, kvalo@...nel.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, linux-wireless@...r.kernel.org, mark.esler@...onical.com, stf_xl@...pl Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability On Tue, Aug 06, 2024 at 09:59:04AM +0800, LidongLI wrote: > > Dear Greg, > > Thank you, Greg! > > > Yes, as you mentioned, it requires users to create their own udev > rules, which is not common among Ubuntu personal users. However, in > some non-personal user scenarios, they must pre-add udev rules to meet > their needs. A simple example: in some Ubuntu embedded Linux > scenarios, we found that when starting a wireless hotspot, developers > must configure udev rules to ensure a stable connection, enable > auto-loading of drivers, or auto-run or write USB-based > auto-configuration scripts. > > Alright, thank you for your fix. We will proceed to the email you > specified to request a CVE. LidongLI, are you able to test patches? It looks like the driver does not properly shut down its async queues when it unbinds. The best person to address this problem is the driver's maintainer, Stanislaw Gruszka. Nevertheless, I can help by suggesting things to test. Alan Stern
Powered by blists - more mailing lists