| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CADvbK_dgLr5dUVqc=hxjj3n8wn8azkAp=K2Jr-pcuzUBk+et1Q@mail.gmail.com> Date: Fri, 24 Oct 2025 12:01:48 -0400 From: Xin Long <lucien.xin@...il.com> To: Ranganath V N <vnranganath.20@...il.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, linux-sctp@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com, syzbot+d101e12bccd4095460e7@...kaller.appspotmail.com Subject: Re: [PATCH v2] net: sctp: fix KMSAN uninit-value in sctp_inq_pop On Fri, Oct 24, 2025 at 7:44 AM Ranganath V N <vnranganath.20@...il.com> wrote: > > Fix an issue detected by syzbot: > > KMSAN reported an uninitialized-value access in sctp_inq_pop > BUG: KMSAN: uninit-value in sctp_inq_pop > > The issue is actually caused by skb trimming via sk_filter() in sctp_rcv(). > In the reproducer, skb->len becomes 1 after sk_filter(), which bypassed the > original check: > > if (skb->len < sizeof(struct sctphdr) + sizeof(struct sctp_chunkhdr) + > skb_transport_offset(skb)) > To handle this safely, a new check should be performed after sk_filter(). > > Reported-by: syzbot+d101e12bccd4095460e7@...kaller.appspotmail.com > Tested-by: syzbot+d101e12bccd4095460e7@...kaller.appspotmail.com > Fixes: https://syzkaller.appspot.com/bug?extid=d101e12bccd4095460e7 > Suggested-by: Xin Long <lucien.xin@...il.com> > Signed-off-by: Ranganath V N <vnranganath.20@...il.com> Acked-by: Xin Long <lucien.xin@...il.com> Thanks for the follow up.
Powered by blists - more mailing lists