| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALm_T+2AUcGgb+ukfGg5a3=ibQzRe93gHAzjh6XUubCePk=Mig@mail.gmail.com> Date: Tue, 8 Jul 2025 15:21:36 +0800 From: Luka <luka.2016.cs@...il.com> To: Jiri Slaby <jirislaby@...nel.org> Cc: linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org Subject: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14 Dear Linux Kernel Maintainers, I hope this message finds you well. I am writing to report a potential vulnerability I encountered during testing of the Linux Kernel version v6.14. Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14) Bug Location: drivers/tty/vt/keyboard.c Bug report: https://pastebin.com/yuVJpati Complete log: https://pastebin.com/qKnipvvK Entire kernel config: https://pastebin.com/MRWGr3nv Root Cause Analysis: The vt_do_diacrit() function in the virtual terminal subsystem performs a write to a user-space pointer via __put_user_4() without ensuring that the destination address is mapped and accessible. Under conditions such as memory allocation failure or page table unavailability, this leads to a fault during execution of the mov %eax, (%rcx) instruction. At present, I have not yet obtained a minimal reproducer for this issue. However, I am actively working on reproducing it, and I will promptly share any additional findings or a working reproducer as soon as it becomes available. Thank you very much for your time and attention to this matter. I truly appreciate the efforts of the Linux kernel community. Best regards, Luka
Powered by blists - more mailing lists