Message-ID: <25a912f1.9be7.19156073fad.Coremail.13514081436@163.com>
Date: Thu, 15 Aug 2024 20:33:21 +0800 (CST)
From: wkx <13514081436@....com>
To: "Florian Westphal" <fw@...len.de>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, 
	netdev@...r.kernel.org, 21210240012@...udan.edu.cn
Subject: Re:Re: [BUG net] possible use after free bugs due to race condition

Thank you for your reply!
At 2024-08-13 03:00:57, "Florian Westphal" <fw@...len.de> wrote:
>wkx <13514081436@....com> wrote:
>> 
>> 
>> Our team recently developed a vulnerability detection tool, and we have employed it to scan the Linux Kernel (version 6.9.6). After manual review, we found some potentially vulnerable code snippets, which may have use-after-free bugs due to race conditions. Therefore, we would appreciate your expert insight to confirm whether these vulnerabilities could indeed pose a risk to the system.
>> 
>> 1. /drivers/net/ethernet/broadcom/bcm63xx_enet.c
>> 
>> In bcm_enet_probe, &priv->mib_update_task is bound with bcm_enet_update_mib_counters_defer. bcm_enet_isr_mac will be called to start the work.
>> If we remove the driver which will call bcm_enet_remove to make a cleanup, there may be unfinished work.
>> The possible sequence is as follows:
>> CPU0                     CPU1
>>
>>                        | bcm_enet_update_mib_counters_defer
>> bcm_enet_remove        |
>
>  unregister_netdev(dev);
>
>... which should end up calling bcm_enet_stop() (via ops->ndo_stop in
>__dev_close_many()).  This calls cancel_work_sync().
>
>Did not look at the others.
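
The teardown ordering discussed in this thread, as an added user-space C model that is not part of the thread or of the kernel source: a pthread stands in for the deferred work, and `remove_model(1)` waits for it before the data is released, as the reply says the stop path does, while `remove_model(0)` is the ordering the report assumed. All `*_model` names are hypothetical.

```c
/* Added user-space model (not kernel code); *_model names are hypothetical. */
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

struct priv_model {                 /* stands in for the driver's private data */
    pthread_t task;                 /* stands in for mib_update_task */
    atomic_int may_run;             /* the deferred work gets to execute */
    atomic_int released;            /* point where remove would free priv */
    atomic_int stale_access;        /* work touched priv after that point */
};
static void *update_mib_model(void *arg)      /* the deferred work */
{
    struct priv_model *p = arg;
    while (!atomic_load(&p->may_run))
        sched_yield();
    if (atomic_load(&p->released))            /* a use-after-free in a real driver */
        atomic_store(&p->stale_access, 1);
    return NULL;
}

/* Models the guarantee of cancel_work_sync(): the work is finished on return. */
static void cancel_work_sync_model(struct priv_model *p)
{
    atomic_store(&p->may_run, 1);
    pthread_join(p->task, NULL);
}

/* Returns 1 if the work ran against released data, 0 otherwise. */
static int remove_model(int stop_cancels_work)
{
    struct priv_model *p = calloc(1, sizeof(*p));
    if (!p || pthread_create(&p->task, NULL, update_mib_model, p))
        abort();                              /* work was queued before remove */
    if (stop_cancels_work)
        cancel_work_sync_model(p);            /* stop step runs before release */
    atomic_store(&p->released, 1);
    if (!stop_cancels_work)
        cancel_work_sync_model(p);            /* model only: finish work to read flag */
    int stale = atomic_load(&p->stale_access);
    free(p);                                  /* safe: the thread has been joined */
    return stale;
}

int main(void)
{
    return printf("release first: %d, cancel first: %d\n", remove_model(0), remove_model(1)) < 0;
}
```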
