| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87o6n4xbp8.fsf@bootlin.com> Date: Thu, 08 Jan 2026 18:21:07 +0100 From: Miquel Raynal <miquel.raynal@...tlin.com> To: Kathara Sasikumar <katharasasikumar007@...il.com> Cc: alex.aring@...il.com, stefan@...enfreihafen.org, davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com, horms@...nel.org, linux-wpan@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, shuah@...nel.org, skhan@...uxfoundation.org, syzbot+60a66d44892b66b56545@...kaller.appspotmail.com Subject: Re: [PATCH] mac802154: fix uninitialized security header fields Hello, On 14/12/2025 at 00:13:39 GMT, Kathara Sasikumar <katharasasikumar007@...il.com> wrote: > KMSAN reported an uninitialized-value access in > ieee802154_hdr_push_sechdr(). This happened because > mac802154_set_header_security() allowed frames with cb->secen=1 but > LLSEC disabled when secen_override=0, leaving parts of the security > header uninitialized. > > Fix the validation so security-enabled frames are rejected whenever > LLSEC is disabled, regardless of secen_override. Also clear the full > header struct in the header creation functions to avoid partial > initialization. > > Reported-by: syzbot+60a66d44892b66b56545@...kaller.appspotmail.com > Tested-by: syzbot+60a66d44892b66b56545@...kaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=60a66d44892b66b56545 > Signed-off-by: Kathara Sasikumar <katharasasikumar007@...il.com> > --- For what I understand... :-) Reviewed-by: Miquel Raynal <miquel.raynal@...tlin.com> Thanks, Miquèl
Powered by blists - more mailing lists