Message-ID: <YLkhOFPU5mb5vspm@kroah.com>
Date: Thu, 3 Jun 2021 20:36:40 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: SyzScope <syzscope@...il.com>
Cc: syzbot <syzbot+305a91e025a73e4fd6ce@...kaller.appspotmail.com>,
davem@...emloft.net, johan.hedberg@...il.com, kuba@...nel.org,
linux-bluetooth@...r.kernel.org, linux-kernel@...r.kernel.org,
marcel@...tmann.org, netdev@...r.kernel.org,
syzkaller-bugs@...glegroups.com
Subject: Re: KASAN: use-after-free Read in hci_chan_del
On Thu, Jun 03, 2021 at 11:30:08AM -0700, SyzScope wrote:
> Hi developers,
>
> Besides the control flow hijacking primitive we sent before, we managed to
> discover an additional double free primitive in this bug, making this bug
> even more dangerous.
>
> We created a web page with detailed descriptions: https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_chan_del
>
> We understand that creating a patch can be time-consuming and there is
> probably a long list of bugs pending fixes. We hope that our security
> analysis can enable an informed decision on which bugs to fix first
> (prioritization).
>
> Since the bug has been on syzbot for over ten months (first found on
> 08-03-2020 and still can be triggered on 05-08-2021), it is best to have the
> bug fixed early enough to avoid it being weaponized.
Wonderful, please help out by sending a fix for this.
thanks,
greg k-h