lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <84c82380-4210-4efe-a269-6a40c3e39e61@redhat.com>
Date: Thu, 23 Jan 2025 10:56:45 +0100
From: Paolo Abeni <pabeni@...hat.com>
To: Chenyuan Yang <chenyuan0y@...il.com>,
 Uwe Kleine-König <u.kleine-koenig@...libre.com>
Cc: andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com,
 kuba@...nel.org, paul@...pouillou.net, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org, zijie98@...il.com
Subject: Re: [PATCH] net: davicom: fix UAF in dm9000_drv_remove

On 1/21/25 9:04 PM, Chenyuan Yang wrote:
> On Mon, Jan 20, 2025 at 11:33 PM Uwe Kleine-König
> <u.kleine-koenig@...libre.com> wrote:
>> On Mon, Jan 20, 2025 at 04:25:57PM -0600, Chenyuan Yang wrote:
>>> dm is netdev private data and it cannot be
>>> used after free_netdev() call. Using adpt after free_netdev()
>>
>> What is adpt?
> 
> This should be "dm".
> 
>>> can cause UAF bug. Fix it by moving free_netdev() at the end of the
>>> function.
>>
>> "can cause"? Doesn't that trigger reliable?
>>
>> How did you find that issue? Did this actually trigger for you, or is it
>> a static checker that found it? Please mention that in the commit log.
> 
> This is detected by our static checker. Thus, we don't have a
> test-case to trigger it stably.
> Basically, it has the buggy pattern as the commit mentioned below.
> 
>>> This is similar to the issue fixed in commit
>>> ad297cd2db8953e2202970e9504cab247b6c7cb4 ("net: qcom/emac: fix UAF in emac_remove").
>>
>> Please shorten the commit id, typically to 12 chars as you did in the
>> Fixes line below.
> 
> Sure! Should I send a Patch v2 for this commit?

Please do! while at it, please also include the target tree ('net') in
the subj prefix.

Thanks,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ