Message-ID: <CAKHoSAtp6Eu3HoUvdGuaHxt21zoHkVWmmGrRK9mw2T+-r-fEYw@mail.gmail.com>
Date: Mon, 2 Dec 2024 12:31:22 +0800
From: cheung wall <zzqq0103.hey@...il.com>
To: Alexander Viro <viro@...iv.linux.org.uk>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: “BUG: unable to handle kernel paging request in anon_inode_getfile” in Linux Kernel Version 2.6.32

Hello,

I am writing to report a potential vulnerability identified in the
Linux Kernel version 2.6.32, specifically on the PowerPC architecture.
This issue was discovered using our custom vulnerability discovery
tool.

Affected File:

File: fs/anon_inodes.c

Function: anon_inode_getfile

Detailed Call Stack:

b3f455be4663db/report0
sched_yield()
flistxattr(r7, &(0x7f0000003040)=""/124, 0x7c)
dup(r4)
#executor: Prog has number of calls = 30
0x0
Unable to handle kernel paging request for data at address 0x00000014
Oops: Kernel access of bad area, sig: 11 [#1]
Modules linked in:
REGS: c05cbc60 TRAP: 0300 Not tainted (2.6.32)
DEAR: 00000014, ESR: 00000000
GPR00: 00000000 c05cbd10 c0591330 00000009 c05cbd18 c78020c0 00000000 00000020
GPR16: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
NIP [c00f23c0] anon_inode_getfile+0x90/0x170
root/linux-2.6.32/fs/anon_inodes.c:109
Call Trace:
[c05cbd50] [c00f3e3c] eventfd_file_create+0x8c/0xe0
root/linux-2.6.32/fs/eventfd.c:341
[c05cbd90] [c0003174] execute_syscall+0xcc/0xf0
root/linux-2.6.32/init/executor.c:465
[c05cbfa0] [c00052e8] executor_main+0x2c/0x54
root/linux-2.6.32/init/executor.c:709
[c05cbff0] [c0000398] skpinv+0x2b0/0x2ec
7c00492d 40a2fff4 80090000 90610010 3f20c05d 3be0fff4 4bf28275 7c240b78
---[ end trace 31fd0ba7d8756001 ]---


Root Cause:

The root cause of this issue is the kernel's failure to properly
handle memory access during the execution of the anon_inode_getfile
function. This is likely due to invalid or uninitialized memory being
accessed, possibly as a result of a bug in memory allocation or an
issue with pointer dereferencing. The function attempts to access data
at an invalid address (0x00000014), which leads to a kernel paging
request error, causing a segmentation fault. This could be caused by
improper initialization of the anon_inode structures, incorrect memory
handling, or a bug in the relevant kernel subsystems dealing with
anonymous inodes or file operations.

Thank you for your time and attention.

Best regards

Wall
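
A triage sketch for the Oops text in the report above, as an added example that is not part of the original message: it extracts the faulting address, the faulting function and the call chain with their source annotations, and flags an address that falls inside the first page. The 4 KiB page size and the names `parse_oops`, `FAULT`, `FRAME` and `SRC` are assumptions made for this example.

```python
import re

# Excerpt of the Oops text posted in the report (lines copied as they appear).
OOPS = """\
Unable to handle kernel paging request for data at address 0x00000014
Oops: Kernel access of bad area, sig: 11 [#1]
NIP [c00f23c0] anon_inode_getfile+0x90/0x170
root/linux-2.6.32/fs/anon_inodes.c:109
Call Trace:
[c05cbd50] [c00f3e3c] eventfd_file_create+0x8c/0xe0
root/linux-2.6.32/fs/eventfd.c:341
[c05cbd90] [c0003174] execute_syscall+0xcc/0xf0
root/linux-2.6.32/init/executor.c:465
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages on the reported target
FAULT = re.compile(r"paging request for \w+ at address (0x[0-9a-fA-F]+)")
FRAME = re.compile(r"(?:NIP|\[[0-9a-f]+\]) \[([0-9a-f]+)\] "
                   r"(\w+)\+(0x[0-9a-f]+)/(0x[0-9a-f]+)")
SRC = re.compile(r"^\S+\.[chS]:\d+$")

def parse_oops(text):
    """Return the fault address, a near-NULL flag and the symbolized frames."""
    result = {"fault_addr": None, "near_null": None, "frames": []}
    for line in text.splitlines():
        line = line.strip()
        m = FAULT.search(line)
        if m:
            result["fault_addr"] = int(m.group(1), 16)
            # An address inside the first page is consistent with a NULL base
            # pointer plus a small field offset rather than a wild pointer.
            result["near_null"] = result["fault_addr"] < PAGE_SIZE
            continue
        m = FRAME.match(line)
        if m:
            pc, sym, off, size = m.groups()
            result["frames"].append({"pc": int(pc, 16), "symbol": sym, "source": None,
                                     "offset": int(off, 16), "size": int(size, 16)})
            continue
        # A bare file:line row annotates the frame printed just before it.
        if SRC.match(line) and result["frames"] and result["frames"][-1]["source"] is None:
            result["frames"][-1]["source"] = line
    return result

if __name__ == "__main__":
    report = parse_oops(OOPS)
    print(hex(report["fault_addr"]), "near NULL:", report["near_null"])
    for f in report["frames"]:
        print(f'{f["symbol"]}+{f["offset"]:#x} {f["source"]}')
```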
