[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220704112619.GZ16517@kadam>
Date: Mon, 4 Jul 2022 14:26:19 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Soumya Negi <soumya.negi97@...il.com>
Cc: syzbot+9d567e08d3970bfd8271@...kaller.appspotmail.com,
syzkaller-bugs@...glegroups.com,
Xiaolong Huang <butterflyhuangxx@...il.com>,
stable@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: Test patch for KASAN: global-out-of-bounds Read in
detach_capi_ctr
On Fri, Jul 01, 2022 at 06:08:29AM -0700, Soumya Negi wrote:
> #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
> 3f8a27f9e27bd78604c0709224cec0ec85a8b106
>
> --
> You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/CAHH-VXdqp0ZGKyJWE76zdyKwhv104JRA8ujUY5NoYO47HC9XWQ%40mail.gmail.com.
> From 3aa5aaffef64a5574cbdb3f5c985bc25b612140c Mon Sep 17 00:00:00 2001
> From: Soumya Negi <soumya.negi97@...il.com>
> Date: Fri, 1 Jul 2022 04:52:17 -0700
> Subject: [PATCH] isdn: capi: Add check for controller count in
> detach_capi_ctr()
>
> Fixes Syzbot bug:
> https://syzkaller.appspot.com/bug?id=14f4820fbd379105a71fdee357b0759b90587a4e
>
> This patch checks whether any ISDN devices are registered before unregistering
> a CAPI controller(device). Without the check, the controller struct capi_str
> results in out-of-bounds access bugs to other CAPI data strucures in
> detach_capri_ctr() as seen in the bug report.
>
This bug was already fixed by commit 1f3e2e97c003 ("isdn: cpai: check
ctr->cnr to avoid array index out of bound").
It just needs to be backported. Unfortunately there was no Fixes tag so
it wasn't picked up. Also I'm not sure how backports work in netdev.
regards,
dan carpenter
Powered by blists - more mailing lists