lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Apr 2022 11:30:12 +0000 From: patchwork-bot+netdevbpf@...nel.org To: Lin Ma <linma@....edu.cn> Cc: krzk@...nel.org, davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] NFC: NULL out the dev->rfkill to prevent UAF Hello: This patch was applied to netdev/net-next.git (master) by David S. Miller <davem@...emloft.net>: On Tue, 12 Apr 2022 13:32:08 +0800 you wrote: > Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") > assumes the device_is_registered() in function nfc_dev_up() will help > to check when the rfkill is unregistered. However, this check only > take effect when device_del(&dev->dev) is done in nfc_unregister_device(). > Hence, the rfkill object is still possible be dereferenced. > > The crash trace in latest kernel (5.18-rc2): > > [...] Here is the summary with links: - NFC: NULL out the dev->rfkill to prevent UAF https://git.kernel.org/netdev/net-next/c/1b0e81416a24 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists