Message-ID: <CAEJPjCt_yawtjC-YeAjcJV_VgszM7s7M2c+=1KihAfrqzDjoew@mail.gmail.com>
Date: Tue, 15 Oct 2024 23:45:22 +0800
From: 刘通 <lyutoon@...il.com>
To: linux-media@...r.kernel.org, linux-kernel@...r.kernel.org, 
	mchehab@...nel.org
Subject: Re: KASAN: use-after-free in snd_usbtv_pcm_close (with PoC and analysis)

Hi! It has been a long time. Are there any new updates about the
validation of the vulnerability or something else? Also, I'm wondering
if I can get a CVE based on this report. Thanks a lot!


刘通 <lyutoon@...il.com> wrote on Wed, Apr 24, 2024 at 14:12:
>
> Hi upstream community,
>
> I was fuzzing an LTS version of Linux kernel 5.15.148 with my modified
> syzkaller and I found a bug named "KASAN: use-after-free in
> snd_usbtv_pcm_close".
>
> I tested the PoC on 5.5.148 ~ 6.8+ with sanitizer on and found
> sanitizer threw a panic as "KASAN: use-after-free in
> snd_usbtv_pcm_close".
>
> The syzkaller log, report, kernel config, PoC can be found here:
> https://drive.google.com/file/d/12ubxzCGrkUVz8BWRwprHjRHYh3l0oMMd/view?usp=sharing
>
> # Analysis:
> I wrote an analysis to explain the root cause in a markdown file (in
> Chinese, so you may use translators to read it... Sorry about that)
> which can be found here:
> https://drive.google.com/file/d/1-TjLRqLs1_C_MDgvAy-TURxldUabW2Eq/view?usp=sharing
>
> # Steps to reproduce:
> 1. download the zip file
> 2. unzip it
> 3. compile the kernel (5.15.148) with kernel_config
> 4. start the kernel with qemu vm
> 5. scp repro.c to the vm
> 6. compile the repro.cprog and run it: gcc repro.c -o exp && ./exp
> 7. you will see the KASAN error
>
> # Note:
> I didn't find any related reports on the internet, which indicates
> that it may be a 0day. Hope the upstream can help check and fix it.
> And I'll be happy to provide more information if needed.
>
> Best,
> Tong
