lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <h5inuroazw32ramkycbcl3qcvlownj76fig47negxobpw73l7r@edrtex7t7hau>
Date: Mon, 6 Jan 2025 14:55:22 +0100
From: Jan Kara <jack@...e.cz>
To: kun <huk23@...udan.edu.cn>
Cc: jack@...e.com, jack@...e.cz, linux-kernel@...r.kernel.org, 
	jjtan24@...udan.edu.cn
Subject: Re: Use-after-free read in udf_add_fid_counter

Hello!

On Tue 24-12-24 16:15:00, kun wrote:
> When using fuzzer tool to fuzz the latest Linux kernel, the following crash
> was triggered.
> 
> HEAD commit:  78d4f34e2115b517bcbfe7ec0d018bbbb6f9b0b8
> git tree: upstream
> Console output:
> https://drive.google.com/file/d/1ehAmTGzOEnJi1DBbX2g9TMMQjVHeJpIY/view?usp=sharing
> Kernel config: 
> https://drive.google.com/file/d/1RhT5dFTs6Vx1U71PbpenN7TPtnPoa3NI/view?usp=sharing
> C reproducer: 
> https://drive.google.com/file/d/1_1e3UBDrx_Q0vAIQtQg2RDT2FerBc6ar/view?usp=sharing
> Syzlang reproducer:
> https://drive.google.com/file/d/1WEhTD0nI5YfX9zcaa8mYMC_G7Nv_4iZv/view?usp=sharing
> Similar report: https://lkml.org/lkml/2023/5/8/1159

Similarly as in the case of another UDF report, please make sure
CONFIG_BLK_DEV_WRITE_MOUNTED is disabled in the kernel used for fuzzing.
Thanks!

								Honza
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ