Message-ID: <0520d98d-8289-4cd8-bf37-57bf00750e63@huawei.com>
Date: Thu, 3 Apr 2025 18:14:19 +0800
From: Wang Zhaolong <wangzhaolong1@...wei.com>
To: Steve French <smfrench@...il.com>, Kuniyuki Iwashima <kuniyu@...zon.com>
CC: <bharathsm@...rosoft.com>, <ematsumiya@...e.de>, <kuni1840@...il.com>,
	<linux-cifs@...r.kernel.org>, <pc@...guebit.com>,
	<samba-technical@...ts.samba.org>, <sprasad@...rosoft.com>, <tom@...pey.com>,
	<linux-net@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/2] cifs: Revert bogus fix for CVE-2024-54680 and its
 followup commit.



> For a complex issue like this it is important to have at least some
> Tested-by or Reviewed-by for these two, because I was having trouble
> reproducing the various reported problems on Ubuntu (or our Fedora
> test VMs), and the refcount issues are more complicated than they seem.
> Let me know if anyone has reviewed these two patches or tested them.
> 

Hi Steve,

I can confirm these issues on my test environment. I'm currently using
Debian Testing (Trixie) for my development work. I've also observed the
unexpected phenomenon on Ubuntu 16.04 LTS when running the test cases.

I suspect the difficulty in reproducing might be related to rootfs image
versions - particularly with older distros like Ubuntu 16.04, as the
test case involves numerous dependent packages.

The issue of net_ns reference count leakage is not fully resolved yet.
Based on that use case, the net_ns count leakage problem can still be
constructed by adding various network faults.

I'm currently modernizing my development environment and working on
automating it. In the future, I will try to provide more comprehensive
reproduction steps when reporting problems, including detailed
instructions for setting up the environment.

Best regards,
Wang Zhaolong
