lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <172787504822.64996.12000204584360248821.b4-ty@kernel.dk>
Date: Wed, 02 Oct 2024 07:17:28 -0600
From: Jens Axboe <axboe@...nel.dk>
To: Justin Sanders <justin@...aid.com>, 
 Chun-Yi Lee <joeyli.kernel@...il.com>
Cc: Pavel Emelianov <xemul@...nvz.org>, Kirill Korotaev <dev@...nvz.org>, 
 "David S . Miller" <davem@...emloft.net>, Nicolai Stange <nstange@...e.com>, 
 Greg KH <gregkh@...uxfoundation.org>, linux-block@...r.kernel.org, 
 linux-kernel@...r.kernel.org, Chun-Yi Lee <jlee@...e.com>
Subject: Re: [PATCH v3] aoe: fix the potential use-after-free problem in
 more places


On Wed, 02 Oct 2024 11:54:58 +0800, Chun-Yi Lee wrote:
> For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential
> use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put()
> instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs
> into use-after-free.
> 
> Then Nicolai Stange found more places in aoe have potential use-after-free
> problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe()
> and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push
> packet to tx queue. So they should also use dev_hold() to increase the
> refcnt of skb->dev.
> 
> [...]

Applied, thanks!

[1/1] aoe: fix the potential use-after-free problem in more places
      commit: 6d6e54fc71ad1ab0a87047fd9c211e75d86084a3

Best regards,
-- 
Jens Axboe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ