Re: [syzbot] [crypto?] KMSAN: uninit-value in af_alg_free_sg (2)

Hello.

This bug is the same one mentioned in
https://lore.kernel.org/all/20231211135949.689204-1-syoshida@xxxxxxxxxx/.
I also reproduced it with the repro.c from
https://lore.kernel.org/all/CABOYnLxaHBEaSRaEU+kDsHF8a=9AokO1ZUEVtpeT9ddL8giw3A@xxxxxxxxxxxxxx/;
see also https://gist.github.com/xrivendell7/b10745f297bd2d12a2e48155920996d2,
which also includes a simple root cause analysis.

The incorrect logic of the unlock_free label can really cause security issues such as:

KASAN: double-free in af_alg_free_sg
KASAN: slab-use-after-free in af_alg_free_sg
KASAN: slab-use-after-free Read in hash_sock_destruct

and it needs a quick fix.

I hope it helps.

Best regards,
Xingwei Lee
