| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 5 Mar 2016 02:00:29 +0300 From: Andrey Konovalov <andreyknvl@...il.com> To: Oliver Neukum <oneukum@...e.de> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Dmitry Vyukov <dvyukov@...gle.com>, Alexander Potapenko <glider@...gle.com>, Kostya Serebryany <kcc@...gle.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, USB list <linux-usb@...r.kernel.org>, Network Development <netdev@...r.kernel.org> Subject: Re: Possible double-free in the usbnet driver On Sat, Mar 5, 2016 at 1:42 AM, Oliver Neukum <oneukum@...e.de> wrote: > On Sat, 2016-03-05 at 01:26 +0300, Andrey Konovalov wrote: >> and when I run the vm and connect the device I get: >> >> [ 23.672662] cdc_ncm 1-1:1.6: bind() failure >> [ 23.673447] usbnet_probe(): freeing netdev: ffff88006ab48000 >> [ 23.675822] usbnet_probe(): freeing netdev: ffff88006ab48000 >> >> So this seems to be a double-free (or at least a double free_netdev() >> call), but the object gets freed twice from usbnet_probe() and not >> from usbnet_disconnect(), so you're right that the latter doesn't get >> called. I'm not sure how usbnet_probe() ends up being called twice. > > Do you have lsusb? You mean inside the vm? I do. > > Regards > Oliver > >
Powered by blists - more mailing lists