| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f4d33bc8-f988-4237-ad99-ceb2036bc197@arnaud-lcm.com> Date: Tue, 22 Jul 2025 09:22:36 +0100 From: "Lecomte, Arnaud" <contact@...aud-lcm.com> To: Alan Stern <stern@...land.harvard.edu> Cc: gregkh@...uxfoundation.org, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk, snovitoll@...il.com, syzbot+86b6d7c8bcc66747c505@...kaller.appspotmail.com, syzkaller-bugs@...glegroups.com Subject: Re: [PATCH] usb: mon: Fix slab-out-of-bounds in mon_bin_event due to unsafe URB transfer_buffer access It clarifies things and makes more sense now. Appreciate the explanation :), thanks for your time Arnaud On 21/07/2025 14:51, Alan Stern wrote: > On Mon, Jul 21, 2025 at 09:22:40AM +0100, Lecomte, Arnaud wrote: >> Hi Alan, thanks for your reply. >> >> Your point raises an important question for me: Is there a specific reason >> why we don’t have >> a synchronization mechanism in place to protect the URB's transfer buffer ? > Protect it from what? Access by some driver at an inappropriate time? > Drivers are supposed to know (and this is alluded to in the kerneldoc > for usb_submit_urb()) that they aren't allowed to touch the transfer > buffer while an URB is queued. > > Alan Stern
Powered by blists - more mailing lists