Hi! It has been a long time. Are there any new updates about the validation of the vulnerability or something else? Also, I'm wondering if I can get a CVE based on this report. Thanks a lot!

刘通 <lyutoon@xxxxxxxxx> wrote on Wed, Apr 24, 2024 at 14:12:
>
> Hi upstream community,
>
> I was fuzzing an LTS version of the Linux kernel (5.15.148) with my modified
> syzkaller and I found a bug named "KASAN: use-after-free in
> snd_usbtv_pcm_close".
>
> I tested the PoC on 5.5.148 ~ 6.8+ with the sanitizer on and found the
> sanitizer threw a panic as "KASAN: use-after-free in
> snd_usbtv_pcm_close".
>
> The syzkaller log, report, kernel config and PoC can be found here:
> https://drive.google.com/file/d/12ubxzCGrkUVz8BWRwprHjRHYh3l0oMMd/view?usp=sharing
>
> # Analysis:
> I wrote an analysis to explain the root cause in a markdown file (in
> Chinese, so you may use translators to read it... Sorry about that)
> which can be found here:
> https://drive.google.com/file/d/1-TjLRqLs1_C_MDgvAy-TURxldUabW2Eq/view?usp=sharing
>
> # Steps to reproduce:
> 1. download the zip file
> 2. unzip it
> 3. compile the kernel (5.15.148) with kernel_config
> 4. start the kernel with a qemu vm
> 5. scp repro.c to the vm
> 6. compile repro.c and run it: gcc repro.c -o exp && ./exp
> 7. you will see the KASAN error
>
> # Note:
> I didn't find any related reports on the internet, which indicates
> that it may be a 0day. Hope the upstream can help check and fix it.
> And I'll be happy to provide more information if needed.
>
> Best,
> Tong
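The thread above reports a KASAN finding by its syzkaller-style title ("KASAN: use-after-free in snd_usbtv_pcm_close"). When triaging many such crashes from a fuzzing VM, the first job is to pull that title, the access kind, the faulting task and the kernel version out of the serial-console log and deduplicate by bug type and function. The parser below is an added example written for this page; it is not code from the reporter or from the kernel tree. It assumes the standard upstream KASAN report layout (the "BUG: KASAN: <type> in <func>+0x.../0x..." header, the "Read/Write of size N at addr ... by task comm/pid" line, the "CPU: ... Not tainted <version>" line and the "Allocated by task"/"Freed by task" stacks). The sample log embedded in it is constructed: only the function name and bug type come from this thread; the timestamps, addresses, offsets and PIDs are placeholders.

```python
import re

# Constructed sample of a QEMU serial-console / dmesg excerpt. The function
# name and bug type match the report in this thread; every address, offset,
# PID and timestamp is a placeholder, not a value from the real syzkaller log.
SAMPLE_LOG = """\
[   42.123456] ==================================================================
[   42.123789] BUG: KASAN: use-after-free in snd_usbtv_pcm_close+0x1a/0x40
[   42.124012] Read of size 8 at addr ffff888012345678 by task exp/1234
[   42.124345]
[   42.124567] CPU: 0 PID: 1234 Comm: exp Not tainted 5.15.148 #1
[   42.124890] Call Trace:
[   42.125012]  dump_stack_lvl+0x57/0x7d
[   42.125234]  snd_usbtv_pcm_close+0x1a/0x40
[   42.125456]
[   42.125678] Allocated by task 1200:
[   42.125890]  kasan_save_stack+0x1b/0x40
[   42.126012]
[   42.126234] Freed by task 1200:
[   42.126456]  kasan_save_stack+0x1b/0x40
[   42.126678] ==================================================================
"""

# "[   42.123456] " dmesg timestamp prefix, stripped before matching.
TIMESTAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")
# Opening line of every KASAN report.
HEADER_RE = re.compile(
    r"BUG: KASAN: (?P<bug>[a-z-]+) in (?P<func>[A-Za-z0-9_.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
)
# Access description that follows the header.
ACCESS_RE = re.compile(
    r"(?P<access>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) "
    r"by task (?P<comm>\S+)/(?P<pid>\d+)"
)
# Kernel version from the "CPU: ... Not tainted 5.15.148 #1" line.
KERNEL_RE = re.compile(r"(?:Not tainted|Tainted: \S+)\s+(?P<ver>\d+\.\d+[\w.+-]*)")


def parse_kasan_reports(log: str) -> list[dict]:
    """Return one dict per KASAN report found in a console log."""
    reports: list[dict] = []
    current: dict | None = None
    for raw in log.splitlines():
        line = TIMESTAMP_RE.sub("", raw)
        m = HEADER_RE.search(line)
        if m:
            # A header starts a new report; the preceding "====" line was
            # seen while no report was open, so it was ignored.
            current = {
                "bug": m["bug"], "func": m["func"], "access": None,
                "size": None, "addr": None, "task": None,
                "kernel": None, "freed_stack": False,
            }
            reports.append(current)
            continue
        if current is None:
            continue
        m = ACCESS_RE.search(line)
        if m:
            current["access"] = m["access"]
            current["size"] = int(m["size"])
            current["addr"] = m["addr"]
            current["task"] = (m["comm"], int(m["pid"]))
        m = KERNEL_RE.search(line)
        if m:
            current["kernel"] = m["ver"]
        if line.startswith("Freed by task"):
            # Presence of a free stack is what distinguishes a genuine
            # use-after-free report from one KASAN could not attribute.
            current["freed_stack"] = True
        if line.startswith("====="):
            # Closing delimiter: the report is complete.
            current = None
    return reports


def title(report: dict) -> str:
    """syzkaller-style crash title used as the deduplication key."""
    return f"KASAN: {report['bug']} in {report['func']}"


def unique_titles(log: str) -> list[str]:
    """Distinct crash titles in first-seen order, for bucketing a fuzzing run."""
    seen: list[str] = []
    for r in parse_kasan_reports(log):
        t = title(r)
        if t not in seen:
            seen.append(t)
    return seen


if __name__ == "__main__":
    for r in parse_kasan_reports(SAMPLE_LOG):
        print(title(r), r["access"], r["size"], r["task"], r["kernel"], r["freed_stack"])
```

Feeding the whole serial log of a fuzzing session to `unique_titles` gives the same buckets syzkaller uses for its crash directory names, so a finding like the one in this thread can be matched against earlier runs before any time is spent on a manual root-cause analysis.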