| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANn89iL7_c9FRFUjwacSGHS7K0psFiLKeD9-NcP6Aau14_i4GA@mail.gmail.com> Date: Wed, 21 Jan 2026 16:46:02 +0100 From: Eric Dumazet <edumazet@...gle.com> To: Paul Moses <p@....org> Cc: netdev@...r.kernel.org, Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH net v3 1/7] net/sched: act_gate: zero-initialize netlink dump struct On Wed, Jan 21, 2026 at 4:26 PM Paul Moses <p@....org> wrote: > > Was looking at tcfg_gate_entry and tcf_gate along with this instance of nla_put, but I can't find my notes and I don't see the path currently. Like I said, remove it, I don't care. > > if (nla_put(skb, TCA_GATE_PARMS, sizeof(opt), &opt)) > goto nla_put_failure; To be clear : we have the same pattern in a dozen of net/sched/act_*c files. syzbot already found the problematic ones : - net/sched/act_ife.c - net/sched/act_connmark.c - net/sched/act_ct.c - net/sched/act_skbmod.c We already checked all other files. Unless another maintainer proves me wrong, let's remove this patch from your series. > > > I have months invested into the UAF though and only just in the past 24 hours was able to stabilize into user space, so no effort whatsoever has been put into defeating kaslr or anything requiring infoleak. > > Look forward to more input on the much larger issue at hand. Sure, thanks for working on this.
Powered by blists - more mailing lists