| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1a169adc-fe99-4058-a6a7-e32bb694e997@mojatatu.com> Date: Mon, 30 Jun 2025 08:52:22 -0300 From: Victor Nogueira <victor@...atatu.com> To: Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com> Cc: Mingi Cho <mgcho.minic@...il.com>, security@...nel.org, Jiri Pirko <jiri@...nulli.us>, Linux Kernel Network Developers <netdev@...r.kernel.org> Subject: Re: Use-after-free in Linux tc subsystem (v6.15) On 6/30/25 08:06, Jamal Hadi Salim wrote: > On Sun, Jun 29, 2025 at 5:08 PM Cong Wang <xiyou.wangcong@...il.com> wrote: >> >> On Sat, Jun 28, 2025 at 05:26:59PM -0400, Jamal Hadi Salim wrote: >>> On Thu, Jun 26, 2025 at 1:11 AM Mingi Cho <mgcho.minic@...il.com> wrote: >>>> Hello, >>>> >>>> I think the testcase I reported earlier actually contains two >>>> different bugs. The first is returning SUCCESS with an empty TBF qdisc >>>> in tbf_segment, and the second is returning SUCCESS with an empty QFQ >>>> qdisc in qfq_enqueue. >>>> >>> >>> Please join the list where a more general solution is being discussed here: >>> https://lore.kernel.org/netdev/aF847kk6H+kr5kIV@pop-os.localdomain/ >> >> I think that one is different, the one here is related to GSO, the above >> linked one is not. Let me think about the GSO issue, since I already >> looked into it before. > > TBH, they all look the same to me - at minimal, they should be tested > against Lion's patch first. Maybe there's a GSO corner case but wasnt > clear to me. I did a quick test of Lion's patch using Mingi's C reproducer. The patch seems to fix the UAF. cheers, Victor
Powered by blists - more mailing lists