| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250812050829.4213-1-hdanton@sina.com>
Date: Tue, 12 Aug 2025 13:08:28 +0800
From: Hillf Danton <hdanton@...a.com>
To: syzbot <syzbot+30754ca335e6fb7e3092@...kaller.appspotmail.com>
Cc: linux-kernel@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [wireless?] KASAN: slab-use-after-free Read in cmp_bss
> Date: Mon, 11 Aug 2025 11:59:31 -0700 [thread overview]
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: c30a13538d9f Merge tag 'bpf-fixes' of git://git.kernel.org..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=17840842580000
> kernel config: https://syzkaller.appspot.com/x/.config?x=e143c1cd9dadd720
> dashboard link: https://syzkaller.appspot.com/bug?extid=30754ca335e6fb7e3092
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=1766fea2580000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=15e709a2580000
#syz test
--- x/net/wireless/scan.c
+++ y/net/wireless/scan.c
@@ -1904,19 +1904,6 @@ cfg80211_update_known_bss(struct cfg8021
if (known->pub.hidden_beacon_bss &&
!list_empty(&known->hidden_list)) {
- const struct cfg80211_bss_ies *f;
-
- /* The known BSS struct is one of the probe
- * response members of a group, but we're
- * receiving a beacon (beacon_ies in the new
- * bss is used). This can only mean that the
- * AP changed its beacon from not having an
- * SSID to showing it, which is confusing so
- * drop this information.
- */
-
- f = rcu_access_pointer(new->pub.beacon_ies);
- kfree_rcu((struct cfg80211_bss_ies *)f, rcu_head);
return false;
}
--
Powered by blists - more mailing lists