lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <xttnvcmu3dep2genvce3r7spreliecx3dc3rynups25q6xilk6@tf4wxe6bdxia>
Date: Tue, 21 Jan 2025 08:33:45 +0100
From: Uwe Kleine-König <u.kleine-koenig@...libre.com>
To: Chenyuan Yang <chenyuan0y@...il.com>
Cc: andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com, 
	kuba@...nel.org, pabeni@...hat.com, paul@...pouillou.net, netdev@...r.kernel.org, 
	linux-kernel@...r.kernel.org, zijie98@...il.com
Subject: Re: [PATCH] net: davicom: fix UAF in dm9000_drv_remove

Hello,

On Mon, Jan 20, 2025 at 04:25:57PM -0600, Chenyuan Yang wrote:
> dm is netdev private data and it cannot be
> used after free_netdev() call. Using adpt after free_netdev()

What is adpt?

> can cause UAF bug. Fix it by moving free_netdev() at the end of the
> function.

"can cause"? Doesn't that trigger reliable?

How did you find that issue? Did this actually trigger for you, or is it
a static checker that found it? Please mention that in the commit log.
 
> This is similar to the issue fixed in commit
> ad297cd2db8953e2202970e9504cab247b6c7cb4 ("net: qcom/emac: fix UAF in emac_remove").

Please shorten the commit id, typically to 12 chars as you did in the
Fixes line below.

> Fixes: cf9e60aa69ae ("net: davicom: Fix regulator not turned off on driver removal")
> Signed-off-by: Chenyuan Yang <chenyuan0y@...il.com>

Best regards
Uwe

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ