Message-ID: <6854f042.a00a0220.137b3.002d.GAE@google.com>
Date: Thu, 19 Jun 2025 22:23:14 -0700
From: syzbot <syzbot+9b9124ae9b12d5af5d95@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in
 vmci_host_unlocked_ioctl (3)

For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.

***

Subject: Re: [syzbot] [kernel?] KMSAN: kernel-infoleak in vmci_host_unlocked_ioctl (3)
Author: lizhi.xu@...driver.com

#syz test

diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c
index b64944367ac5..178febf6c561 100644
--- a/drivers/misc/vmw_vmci/vmci_host.c
+++ b/drivers/misc/vmw_vmci/vmci_host.c
@@ -385,14 +385,20 @@ static int vmci_host_do_send_datagram(struct vmci_host_dev *vmci_host_dev,
 		return -EINVAL;
 	}
 
-	dg = memdup_user((void __user *)(uintptr_t)send_info.addr,
-			 send_info.len);
-	if (IS_ERR(dg)) {
+	dg = kzalloc(send_info.len, GFP_KERNEL);
+
+	if (IS_ERR_OR_NULL(dg)) {
 		vmci_ioctl_err(
 			"cannot allocate memory to dispatch datagram\n");
 		return PTR_ERR(dg);
 	}
 
+	if (copy_from_user(dg, (void __user *)(uintptr_t)send_info.addr, send_info.len)) {
+		vmci_ioctl_err("copy datagram fails\n");
+		kfree(dg);
+		return -EFAULT;
+	}
+
 	if (VMCI_DG_SIZE(dg) != send_info.len) {
 		vmci_ioctl_err("datagram size mismatch\n");
 		kfree(dg);
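
Review bot: The allocation check after the new kzalloc() call returns 0 on failure. kzalloc() returns NULL, not an ERR_PTR, so `IS_ERR_OR_NULL(dg)` is only ever true for NULL, and `return PTR_ERR(dg);` then evaluates to 0, which reports success even though no datagram was dispatched. Use `if (!dg)` and return -ENOMEM instead. Separately, the copy_from_user() that follows writes all send_info.len bytes, so on success the buffer holds the same bytes memdup_user() produced before; the zeroing is fully overwritten. It is worth confirming against the KMSAN report that this buffer is really the source of the uninitialized bytes. The copy_from_user() line also runs past 80 columns and could be wrapped like the memdup_user() call it replaces.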
