| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f75182a8-90f9-466e-a96b-d454c770f0a5@kernel.org> Date: Tue, 15 Jul 2025 12:45:00 +0200 From: Krzysztof Kozlowski <krzk@...nel.org> To: jackysliu <1972843537@...com>, anil.gurumurthy@...gic.com Cc: sudarsana.kalluru@...gic.com, James.Bottomley@...senPartnership.com, martin.petersen@...cle.com, linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] [PATCH] scsi:bfa: Double-free vulnerability fix On 24/06/2025 13:58, jackysliu wrote: > In the QLogic BR-series Fibre Channel driver (bfad), > there exists a double-free vulnerability. > When the bfad_im_probe() function fails during initialization, > the memory pointed to by bfad->im is freed without > setting bfad->im to NULL. > Subsequently, during driver uninstallation, > when the state machine enters the bfad_sm_stopping state > and calls the bfad_im_probe_undo() function, > it attempts to free the memory pointed to by bfad->im again, > thereby triggering a double-free vulnerability. > > Signed-off-by: jackysliu <1972843537@...com> > --- > drivers/scsi/bfa/bfad_im.c | 1 + > 1 file changed, 1 insertion(+) You should disclose that you used some AI tool for that... and that other report(s) was really fake finding. People should know you generated it with AI, so they could make informed decision whether to even allocate time here. Best regards, Krzysztof
Powered by blists - more mailing lists