Date: Fri, 24 Sep 2021 18:02:53 +0800
From: butt3rflyh4ck <butterflyhuangxx@...il.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: Karsten Keil <isdn@...ux-pingi.de>, "David S. Miller" <davem@...emloft.net>, Networking <netdev@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Bluez mailing list <linux-bluetooth@...r.kernel.org>, Marcel Holtmann <marcel@...tmann.org>, Johan Hedberg <johan.hedberg@...il.com>, Luiz Augusto von Dentz <luiz.dentz@...il.com>
Subject: Re: There is an array-index-out-bounds bug in detach_capi_ctr in drivers/isdn/capi/kcapi.c

> When I last touched the capi code, I tried to remove it all, but we then
> left it in the kernel because the bluetooth cmtp code can still theoretically
> use it.
>
> May I ask how you managed to run into this? Did you find the bug through
> inspection first and then produce it using cmtp, or did you actually use
> cmtp?

I fuzz the bluez system and find a crash to analyze it and reproduce it.

> If the only purpose of cmtp is now to be a target for exploits, then I
> would suggest we consider removing both cmtp and capi for
> good after backporting your fix to stable kernels. Obviously
> if it turns out that someone actually uses cmtp and/or capi, we
> should not remove it.
>

Yes, I think this should be feasible.

Regards
butt3rflyh4ck.

--
Active Defense Lab of Venustech