| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240807021152.10474-1-wirelessdonghack@gmail.com> Date: Wed, 7 Aug 2024 10:11:52 +0800 From: LidongLI <wirelessdonghack@...il.com> To: gregkh@...uxfoundation.org Cc: kvalo@...nel.org, linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org, linux-wireless@...r.kernel.org, mark.esler@...onical.com, stf_xl@...pl, wirelessdonghack@...il.com, tytso@....edu, stern@...land.harvard.edu Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability Dear Yes, dev.reset does indeed require root privileges, but what we find abnormal is, as I noted in the POC, a normal reset is not problematic. However, after time.sleep(0.1), it triggers some issues. import usb.core dev = usb.core.find(idVendor=0xb58e, idProduct=0x0005) time.sleep(0.1) # It actually needs a sleep of 0.1 or 0.2 seconds to take effect; otherwise, it follows normal development logic. For example, when there is an exception error like 'resource busy', a dev.reset is required. dev.reset() Thank you for your response. Yes, I am able to test patches. Please provide the necessary patches, and I will conduct the tests to verify their effectiveness. Best regards
Powered by blists - more mailing lists