Search Linux Wireless

Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Alan, 、
Thank you for your response. Yes, I am able to test patches. Please
provide the necessary patches, and I will conduct the tests to verify
their effectiveness. Best regards,

Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> 于2024年8月7日周三 02:36写道:
>
> On Wed, Aug 07, 2024 at 12:47:26AM +0800, color Ice wrote:
> > Hi,
> >
> > I'm glad that you can address this issue. I believe that this is indeed a
> > vulnerability because the issue is caused by the rt2x00 driver's failure to
> > properly shut down its async queues. While it requires sudo to execute, it
> > is still a problem as it can trigger a kernel system exception. We can
> > imagine that this vulnerability could be executed without root permissions
> > in certain scenarios. For instance, in many embedded systems, configuring
> > udev rules might be necessary to ensure automated operations, and in such
> > scenarios, it can be triggered without root permissions.
> >
> > Therefore, I believe that from a vulnerability perspective, it should
> > indeed be eligible for a CVE, as it can be fixed and it is indeed a flaw.
> > If this vulnerability is not addressed, future driver processing and
> > adaptation may encounter robustness and security issues. I believe security
> > issues should be handled with the corresponding seriousness.
> >
> > Thank you.
>
> You didn't answer my question.  Are you able to test patches?
>
> Alan Stern





[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux