| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d2c9f54e-9171-4970-b9c1-a6c70532e5ad@kernel.org> Date: Wed, 9 Jul 2025 09:07:00 +0200 From: Krzysztof Kozlowski <krzk@...nel.org> To: Greg KH <gregkh@...uxfoundation.org>, Luka <luka.2016.cs@...il.com> Cc: Jiri Slaby <jirislaby@...nel.org>, linux-kernel@...r.kernel.org, linux-serial@...r.kernel.org Subject: Re: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14 On 08/07/2025 09:49, Greg KH wrote: > On Tue, Jul 08, 2025 at 03:21:36PM +0800, Luka wrote: >> Dear Linux Kernel Maintainers, >> >> I hope this message finds you well. >> >> I am writing to report a potential vulnerability I encountered during >> testing of the Linux Kernel version v6.14. >> >> Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14) >> >> Bug Location: drivers/tty/vt/keyboard.c >> >> Bug report: https://pastebin.com/yuVJpati >> >> Complete log: https://pastebin.com/qKnipvvK >> >> Entire kernel config: https://pastebin.com/MRWGr3nv >> >> Root Cause Analysis: >> The vt_do_diacrit() function in the virtual terminal subsystem >> performs a write to a user-space pointer via __put_user_4() without >> ensuring that the destination address is mapped and accessible. > > Where? I see calls to put_user() happening in that function, and the > return value is properly checked. What lines exactly show the issue? Greg, Please don't waste time on this bot. It is AI generated spam. The person learnt nothing from previous feedback. I suggest ignoring completely. Best regards, Krzysztof
Powered by blists - more mailing lists