| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Dec 2022 15:41:36 +0100
From: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
To: Minsuk Kang <linuxlovemin@...sei.ac.kr>, netdev@...r.kernel.org
Cc: linma@....edu.cn, davem@...emloft.net, sameo@...ux.intel.com,
linville@...driver.com, dokyungs@...sei.ac.kr,
jisoo.jang@...sei.ac.kr
Subject: Re: [PATCH net v2] nfc: pn533: Clear nfc_target before being used
On 13/12/2022 15:38, Krzysztof Kozlowski wrote:
> On 13/12/2022 15:27, Minsuk Kang wrote:
>> Fix a slab-out-of-bounds read that occurs in nla_put() called from
>> nfc_genl_send_target() when target->sensb_res_len, which is duplicated
>> from an nfc_target in pn533, is too large as the nfc_target is not
>> properly initialized and retains garbage values. Clear nfc_targets with
>> memset() before they are used.
>>
>> Found by a modified version of syzkaller.
>>
>> BUG: KASAN: slab-out-of-bounds in nla_put
>> Call Trace:
>> memcpy
>> nla_put
>> nfc_genl_dump_targets
>> genl_lock_dumpit
>> netlink_dump
>> __netlink_dump_start
>> genl_family_rcv_msg_dumpit
>> genl_rcv_msg
>> netlink_rcv_skb
>> genl_rcv
>> netlink_unicast
>> netlink_sendmsg
>> sock_sendmsg
>> ____sys_sendmsg
>> ___sys_sendmsg
>> __sys_sendmsg
>> do_syscall_64
>>
>> Fixes: 673088fb42d0 ("NFC: pn533: Send ATR_REQ directly for active device detection")
>> Fixes: 361f3cb7f9cf ("NFC: DEP link hook implementation for pn533")
>> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>
>
> How did it happen? From where did you get it?
I double checked - I did not send it. This is some fake tag. Please do
not add fake/invented/created tags with people's names.
Best regards,
Krzysztof
Powered by blists - more mailing lists