Hey Zhenpeng,
Nice to read your email.
WRT fixing kernel bug found in `cls route4` subsystem, could you add netdev@xxxxxxxxxxxxxxx,
linux-mm@xxxxxxxxx and linux-kernel@xxxxxxxxxxxxxxx to the Cc list?
Because I have no access to google.com, feel free to add lore link to the bug
after taking a look at [1].
Your POC triggering the UAF is welcome, and when you post it, feel free to attach
any patch relevant you saw.
Thanks
Hillf
----- Original Message -----
From: Zhenpeng Lin <zplin@xxxxxxxxxxxxxxxxxx>
To: hdanton@xxxxxxxx
Subject: Fixing a severe kernel bug
Date: 2022-08-02 11:41
From: Zhenpeng Lin <zplin@xxxxxxxxxxxxxxxxxx>
To: hdanton@xxxxxxxx
Subject: Fixing a severe kernel bug
Date: 2022-08-02 11:41
Hi Hillf,
This is Zhenpeng Lin from Northwestern University, I noticed that there are some discussions
(https://groups.google.com/g/syzkaller-bugs/c/biJRUL5LBM4/m/0v1148e5AwAJ where you are involved) about a kernel bug found in `cls route4` subsystem. I just want to let you know that the bug is very severe and could lead to privilege escalation very easily. This bug has multiple error behaviors, it shows an ODEBUG bug here but actually could cause a use-after-free and double-free error, which could be exploited easily. If you would like a POC of triggering UAF, let me know and I will be happy to show it.
I saw there already has a patch for that but has not been committed to upstream since Jun, I wonder if you could go ahead and fix the bug as soon as possible.
If you have any questions or concerns, I would be happy to help.
Best,
Zhenpeng