Message-ID: <3f5ec6d7-d291-4b37-8914-3b4347564e98@huawei.com>
Date: Mon, 15 Dec 2025 20:42:05 +0800
From: Baokun Li <libaokun1@...wei.com>
To: 余昊铖 <3230100410@....edu.cn>
CC: <security@...nel.org>, <linux-ext4@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ext4: Fix KASAN use-after-free in ext4_find_extent

On 2025-12-15 19:11, 余昊铖 wrote:
> Hi,
>
> I have disabled CONFIG_BLK_DEV_WRITE_MOUNTED and spent some time trying to trigger the reported KASAN issues, and I found that neither of the two bugs has been observed since. Is this issue still worth investigating?

That essentially confirms the issue is caused by bypassing the
filesystem to write directly to the raw disk. This is a known
issue and is quite tricky to solve.

You can work around this specific class of issues in your fuzz
testing by enabling CONFIG_BLK_DEV_WRITE_MOUNTED. Syzbot runs
with this configuration enabled by default.


Cheers,
Baokun

> Thanks,
> Haocheng Yu
>
>
>> Hi,
>>
>> On 2025-12-09 20:27, 余昊铖 wrote:
>>> Hello,
>>>
>>> I would like to report a potential security issue in the Linux kernel ext4 filesystem, which I found using a modified syzkaller-based kernel fuzzing tool that I developed.
>>>
>> I noticed that your configuration has CONFIG_BLK_DEV_WRITE_MOUNTED enabled.
>>
>> This setting allows bare writes to an already mounted ext4 filesystem,
>> meaning certain ext4 metadata (like extent tree blocks) can be modified
>> without the filesystem being aware of the changes.
>>
>> Could you please try disabling CONFIG_BLK_DEV_WRITE_MOUNTED and see
>> if the issue is still reproducible?
>>
>>
>> Cheers,
>> Baokun
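The exchange above turns on a single kernel build option: with CONFIG_BLK_DEV_WRITE_MOUNTED=y the block layer lets a process open a block device for writing even while a filesystem is mounted on it, so a fuzzer can rewrite ext4 metadata (extent tree blocks included) behind the filesystem's back; with the option unset, such write opens are refused with EBUSY. The script below is an added example, not code from the thread or from the kernel tree: it reads a kernel .config (the running kernel's, or any file passed as an argument) and reports which of the two regimes applies. The sample configs it embeds are constructed for the demonstration; the function and file names are the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a kernel .config
# permits raw writes to block devices that are currently mounted.
# CONFIG_BLK_DEV_WRITE_MOUNTED=y -> writes to a mounted device are allowed,
#   so KASAN reports found by fuzzing the raw device may be self-inflicted
#   metadata corruption rather than filesystem bugs.
# "# CONFIG_BLK_DEV_WRITE_MOUNTED is not set" -> write opens on a mounted
#   device fail with EBUSY, removing that class of reports from a fuzz run.

# write_mounted_state CONFIG_FILE
# Prints "allowed", "blocked" or "unknown" for the given .config file.
write_mounted_state() {
    cfg="$1"
    if grep -qx 'CONFIG_BLK_DEV_WRITE_MOUNTED=y' "$cfg"; then
        echo allowed
    elif grep -qx '# CONFIG_BLK_DEV_WRITE_MOUNTED is not set' "$cfg"; then
        echo blocked
    else
        # Option absent: older kernel without the option, or partial config.
        echo unknown
    fi
}

# running_kernel_config
# Prints a readable path to the running kernel's config, or nothing if
# neither /proc/config.gz nor /boot/config-$(uname -r) is available.
running_kernel_config() {
    if [ -r /proc/config.gz ]; then
        tmp=$(mktemp) && zcat /proc/config.gz > "$tmp" && echo "$tmp"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# sample_config y|n
# Constructed stand-in for a fuzzing kernel's .config, used for the demo.
sample_config() {
    if [ "$1" = y ]; then
        printf 'CONFIG_KASAN=y\nCONFIG_BLK_DEV_WRITE_MOUNTED=y\nCONFIG_EXT4_FS=y\n'
    else
        printf 'CONFIG_KASAN=y\n# CONFIG_BLK_DEV_WRITE_MOUNTED is not set\nCONFIG_EXT4_FS=y\n'
    fi
}

# Usage: ./check_write_mounted.sh [CONFIG_FILE]
# With no argument, inspects the running kernel when its config is exposed.
if [ $# -gt 0 ]; then
    echo "$1: raw writes to mounted block devices: $(write_mounted_state "$1")"
elif [ -n "${CHECK_RUNNING_KERNEL:-}" ]; then
    cfg=$(running_kernel_config)
    if [ -n "$cfg" ]; then
        echo "running kernel: raw writes to mounted block devices: $(write_mounted_state "$cfg")"
    else
        echo "running kernel: config not available" >&2
    fi
fi
```

Run it against the fuzzing kernel's .config before triaging a KASAN report that came from a syzkaller program touching the backing block device; an "allowed" result means the reproducer should be re-run on a kernel where the option is unset, which is exactly the check the thread converges on.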
