| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1457131342.8935.2.camel@suse.de> Date: Fri, 04 Mar 2016 23:42:22 +0100 From: Oliver Neukum <oneukum@...e.de> To: Andrey Konovalov <andreyknvl@...il.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Dmitry Vyukov <dvyukov@...gle.com>, Alexander Potapenko <glider@...gle.com>, Kostya Serebryany <kcc@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, USB list <linux-usb@...r.kernel.org>, Network Development <netdev@...r.kernel.org> Subject: Re: Possible double-free in the usbnet driver On Sat, 2016-03-05 at 01:26 +0300, Andrey Konovalov wrote: > and when I run the vm and connect the device I get: > > [ 23.672662] cdc_ncm 1-1:1.6: bind() failure > [ 23.673447] usbnet_probe(): freeing netdev: ffff88006ab48000 > [ 23.675822] usbnet_probe(): freeing netdev: ffff88006ab48000 > > So this seems to be a double-free (or at least a double free_netdev() > call), but the object gets freed twice from usbnet_probe() and not > from usbnet_disconnect(), so you're right that the latter doesn't get > called. I'm not sure how usbnet_probe() ends up being called twice. Do you have lsusb? Regards Oliver
Powered by blists - more mailing lists