lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Jul 2022 13:07:30 +0800 From: butt3rflyh4ck <butterflyhuangxx@...il.com> To: Soumya Negi <soumya.negi97@...il.com> Cc: Greg KH <gregkh@...uxfoundation.org>, Dan Carpenter <dan.carpenter@...cle.com>, syzbot+9d567e08d3970bfd8271@...kaller.appspotmail.com, syzkaller-bugs <syzkaller-bugs@...glegroups.com>, stable@...r.kernel.org, Networking <netdev@...r.kernel.org> Subject: Re: Test patch for KASAN: global-out-of-bounds Read in detach_capi_ctr The patch for this issue had be available upstream last year. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d Regards, butt3rflyh4ck. On Tue, Jul 5, 2022 at 12:59 PM Soumya Negi <soumya.negi97@...il.com> wrote: > > On Mon, Jul 04, 2022 at 01:54:17PM +0200, Greg KH wrote: > > On Mon, Jul 04, 2022 at 02:26:19PM +0300, Dan Carpenter wrote: > > > > > > On Fri, Jul 01, 2022 at 06:08:29AM -0700, Soumya Negi wrote: > > > > #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git > > > > 3f8a27f9e27bd78604c0709224cec0ec85a8b106 > > > > > > > > -- > > > > You received this message because you are subscribed to the Google Groups "syzkaller-bugs" group. > > > > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller-bugs+unsubscribe@...glegroups.com. > > > > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller-bugs/CAHH-VXdqp0ZGKyJWE76zdyKwhv104JRA8ujUY5NoYO47HC9XWQ%40mail.gmail.com. > > > > > > > From 3aa5aaffef64a5574cbdb3f5c985bc25b612140c Mon Sep 17 00:00:00 2001 > > > > From: Soumya Negi <soumya.negi97@...il.com> > > > > Date: Fri, 1 Jul 2022 04:52:17 -0700 > > > > Subject: [PATCH] isdn: capi: Add check for controller count in > > > > detach_capi_ctr() > > > > > > > > Fixes Syzbot bug: > > > > https://syzkaller.appspot.com/bug?id=14f4820fbd379105a71fdee357b0759b90587a4e > > > > > > > > This patch checks whether any ISDN devices are registered before unregistering > > > > a CAPI controller(device). Without the check, the controller struct capi_str > > > > results in out-of-bounds access bugs to other CAPI data strucures in > > > > detach_capri_ctr() as seen in the bug report. > > > > > > > > > > This bug was already fixed by commit 1f3e2e97c003 ("isdn: cpai: check > > > ctr->cnr to avoid array index out of bound"). > > > > > > It just needs to be backported. Unfortunately there was no Fixes tag so > > > it wasn't picked up. Also I'm not sure how backports work in netdev. > > > > That commit has already been backported quite a while ago and is in the > > following releases: > > 4.4.290 4.9.288 4.14.253 4.19.214 5.4.156 5.10.76 5.14.15 5.15 > > > > Thanks for letting me know. Is there a way I can check whether an open > syzbot bug already has a fix as in this case? Right now I am thinking > of running the reproducer on linux-next as well before starting on a > bug. > > -Soumya -- Active Defense Lab of Venustech
Powered by blists - more mailing lists