From: Hillf Danton <hdanton@sina.com>
To: "Zhenpeng Lin" <zplin@u.northwestern.edu>
Cc: Dan Carpenter <dan.carpenter@oracle.com>,
"linux-mm" <linux-mm@kvack.org>,
"linux-kernel" <linux-kernel@vger.kernel.org>,
"netdev" <netdev@vger.kernel.org>
Subject: Re: Fixing a severe kernel bug
Date: Sat, 6 Aug 2022 20:32:59 +0800 [thread overview]
Message-ID: <20220806123259.1932-1-hdanton@sina.com> (raw)
In-Reply-To: <20220806064502.888BF5204D1@webmail.sinamail.sina.com.cn>
On Sat, 06 Aug 2022 14:45:02 +0800 Hillf Danton wrote:
> Hey Zhenpeng,
>
> Nice to read your email.
>
> WRT fixing kernel bug found in `cls route4` subsystem, could you add
> netdev@vger.kernel.org, linux-mm@kvack.org and linux-kernel@vger.kernel.org
> to the Cc list?
>
> Because I have no access to google.com, feel free to add lore link to
> the bug after taking a look at [1].
>
> Your POC triggering the UAF is welcome, and when you post it, feel free
> to attach any patch relevant you saw.
Two seconds ... If no CVE number assigned to the uaf yet, go to register
it to the CVE system with your POC and all the patches you know survived
your tests before replying to this mail thread.
Dan please help Zhenpeng if he has big difficulty registering a CVE.
>
> Thanks
> Hillf
>
> [1] Re: [syzbot] INFO: trying to register non-static key in rxe_cleanup_task - syzbot (kernel.org)
The link should have been
https://lore.kernel.org/lkml/000000000000f0980c05e5565f2d@google.com/
>
> ----- Original Message -----
> From: Zhenpeng Lin <zplin@u.northwestern.edu>
> To: hdanton@sina.com
> Subject: Fixing a severe kernel bug
> Date: 2022-08-02 11:41
>
> Hi Hillf,
>
> This is Zhenpeng Lin from Northwestern University, I noticed that there
> are some discussions(https://groups.google.com/g/syzkaller-bugs/c/biJRUL5LBM4/m/0v1148e5AwAJ
> where you are involved) about a kernel bug found in `cls route4` subsystem.
>
> I just want to let you know that the bug is very severe and could lead to
> privilege escalation very easily. This bug has multiple error behaviors, it
> shows an ODEBUG bug here but actually could cause a use-after-free and
> double-free error, which could be exploited easily.
>
> If you would like a POC of triggering UAF, let me know and I will be happy
> to show it.
>
> I saw there already has a patch for that but has not been committed to
> upstream since Jun, I wonder if you could go ahead and fix the bug as soon
> as possible.
>
> If you have any questions or concerns, I would be happy to help.
>
> Best,
> Zhenpeng
prev parent reply other threads:[~2022-08-06 12:33 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-06 6:45 Hillf Danton
2022-08-06 12:32 ` Hillf Danton [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220806123259.1932-1-hdanton@sina.com \
--to=hdanton@sina.com \
--cc=dan.carpenter@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=netdev@vger.kernel.org \
--cc=zplin@u.northwestern.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox