lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: 
 <173497743701.3921163.18071428597161743809.git-patchwork-notify@kernel.org>
Date: Mon, 23 Dec 2024 18:10:37 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Ilya Shchipletsov <rabbelkin@...l.ru>
Cc: netdev@...r.kernel.org, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, pabeni@...hat.com, horms@...nel.org,
 linux-hams@...r.kernel.org, linux-kernel@...r.kernel.org, hfggklm@...il.com
Subject: Re: [PATCH] netrom: check buffer length before accessing it

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@...nel.org>:

On Thu, 19 Dec 2024 08:23:07 +0000 you wrote:
> Syzkaller reports an uninit value read from ax25cmp when sending raw message
> through ieee802154 implementation.
> 
> =====================================================
> BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119
>  ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119
>  nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601
>  nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774
>  nr_xmit+0x5a/0x1c0 net/netrom/nr_dev.c:144
>  __netdev_start_xmit include/linux/netdevice.h:4940 [inline]
>  netdev_start_xmit include/linux/netdevice.h:4954 [inline]
>  xmit_one net/core/dev.c:3548 [inline]
>  dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564
>  __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349
>  dev_queue_xmit include/linux/netdevice.h:3134 [inline]
>  raw_sendmsg+0x654/0xc10 net/ieee802154/socket.c:299
>  ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96
>  sock_sendmsg_nosec net/socket.c:730 [inline]
>  __sock_sendmsg net/socket.c:745 [inline]
>  ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584
>  ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638
>  __sys_sendmsg net/socket.c:2667 [inline]
>  __do_sys_sendmsg net/socket.c:2676 [inline]
>  __se_sys_sendmsg net/socket.c:2674 [inline]
>  __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674
>  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>  do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83
>  entry_SYSCALL_64_after_hwframe+0x63/0x6b
> 
> [...]

Here is the summary with links:
  - netrom: check buffer length before accessing it
    https://git.kernel.org/netdev/net/c/a4fd163aed2e

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ