lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241016071448.GC2162@kernel.org>
Date: Wed, 16 Oct 2024 08:14:48 +0100
From: Simon Horman <horms@...nel.org>
To: Lin Ma <linma@....edu.cn>
Cc: loic.poulain@...aro.org, ryazanov.s.a@...il.com,
	johannes@...solutions.net, davem@...emloft.net, edumazet@...gle.com,
	kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH net v1] net: wwan: fix global oob in wwan_rtnl_policy

On Tue, Oct 15, 2024 at 09:16:21PM +0800, Lin Ma wrote:
> The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to
> a global out-of-bounds read when parsing the netlink attributes. Exactly
> same bug cause as the oob fixed in commit b33fb5b801c6 ("net: qualcomm:
> rmnet: fix global oob in rmnet_policy").
> 
> ==================================================================
> BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]
> BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603
> Read of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862

...

> According to the comment of `nla_parse_nested_deprecated`, use correct size
> `IFLA_WWAN_MAX` here to fix this issue.
> 
> Fixes: 88b710532e53 ("wwan: add interface creation support")
> Signed-off-by: Lin Ma <linma@....edu.cn>

Reviewed-by: Simon Horman <horms@...nel.org>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ