Message-ID: <7792df9a.9245.197cf193a6a.Coremail.linma@zju.edu.cn>
Date: Thu, 3 Jul 2025 15:03:46 +0800 (GMT+08:00)
From: "Lin Ma" <linma@....edu.cn>
To: "Greg KH" <gregkh@...uxfoundation.org>
Cc: wkang77@...il.com, linux-staging@...ts.linux.dev,
	linux-kernel@...r.kernel.org, stable@...nel.org
Subject: Re: [PATCH v1 1/2] staging: gdm724x: fix type confusion in
 gdm_lte_event_rcv()

Hello Greg,

> > ```
> > 
> > - by `dev->type`. See ax25_device_event()
> > ```
> > static int ax25_device_event(struct notifier_block *this, unsigned long event,
> >                  void *ptr)
> > {
> >     struct net_device *dev = netdev_notifier_info_to_dev(ptr);
> > 
> >     ......
> > 
> >     /* Reject non AX.25 devices */
> >     if (dev->type != ARPHRD_AX25)
> >         return NOTIFY_DONE;
> > ```
> 
> 
> Those are core functions that all drivers are using, and the "type" of
> device is also ok to look at.  You are trying to compare a specific
> callback in this change, which feels wrong to me.

Got it. I will try to prepare another version.

> 
> Wait, what tree are you making this change against?  I don't even see
> the file you are trying to patch in the latest tree, are you sure it's
> not just deleted already?
> 
> ...
> 
> Again, make sure this file is still present in the tree before going
> further :)
> 
> thanks,
> 
> greg k-h

Yes, you are right, just like how I pointed out in the patch:

"""
This bug was "fixed" in upstream kernel by the commit 1c2d364e7f7f
("staging: gdm724x: Remove unused driver"). However, other stable
versions still contain it. Fix the confusion bug by adding checks.
"""

That is, it, together with another identified bug, has already been deleted in the
latest upstream kernel. (see https://lore.kernel.org/lkml/20250703052837.15458-1-linma@zju.edu.cn/T/#u)

I sent this patch just because the stable version, like 5.15.186, still
contains it. T.T

Therefore, shall I proceed with the patches? Or maybe the stable tree
could also delete that vulnerable code?


Thanks for the reply!


Sincerely
Lin
