linux-mm.kvack.org archive mirror
* Re: Fixing a severe kernel bug
@ 2022-08-06  6:45 Hillf Danton
  2022-08-06 12:32 ` Hillf Danton
  0 siblings, 1 reply; 2+ messages in thread
From: Hillf Danton @ 2022-08-06  6:45 UTC (permalink / raw)
  To: Zhenpeng Lin; +Cc: linux-mm, linux-kernel, netdev


Hey Zhenpeng,

Nice to read your email.

WRT fixing kernel bug found in `cls route4` subsystem, could you add netdev@vger.kernel.org, linux-mm@kvack.org and linux-kernel@vger.kernel.org to the Cc list?

Because I have no access to google.com, feel free to add lore link to the bug after taking a look at [1].

Your POC triggering the UAF is welcome, and when you post it, feel free to attach any patch relevant you saw.

Thanks
Hillf

[1] Re: [syzbot] INFO: trying to register non-static key in rxe_cleanup_task - syzbot (kernel.org)

----- Original Message -----
From: Zhenpeng Lin <zplin@u.northwestern.edu>
To: hdanton@sina.com
Subject: Fixing a severe kernel bug
Date: 2022-08-02 11:41

Hi Hillf,

This is Zhenpeng Lin from Northwestern University, I noticed that there are some discussions (https://groups.google.com/g/syzkaller-bugs/c/biJRUL5LBM4/m/0v1148e5AwAJ where you are involved) about a kernel bug found in `cls route4` subsystem.

I just want to let you know that the bug is very severe and could lead to privilege escalation very easily. This bug has multiple error behaviors, it shows an ODEBUG bug here but actually could cause a use-after-free and double-free error, which could be exploited easily.

If you would like a POC of triggering UAF, let me know and I will be happy to show it.

I saw there already has a patch for that but has not been committed to upstream since Jun, I wonder if you could go ahead and fix the bug as soon as possible.

If you have any questions or concerns, I would be happy to help.

Best,
Zhenpeng


* Re: Fixing a severe kernel bug
  2022-08-06  6:45 Fixing a severe kernel bug Hillf Danton
@ 2022-08-06 12:32 ` Hillf Danton
  0 siblings, 0 replies; 2+ messages in thread
From: Hillf Danton @ 2022-08-06 12:32 UTC (permalink / raw)
  To: Zhenpeng Lin; +Cc: Dan Carpenter, linux-mm, linux-kernel, netdev

On Sat, 06 Aug 2022 14:45:02 +0800 Hillf Danton wrote:
> Hey Zhenpeng,
> 
> Nice to read your email.
> 
> WRT fixing kernel bug found in `cls route4` subsystem, could you add
> netdev@vger.kernel.org, linux-mm@kvack.org and linux-kernel@vger.kernel.org
> to the Cc list?
> 
> Because I have no access to google.com, feel free to add lore link to
> the bug after taking a look at [1].
> 
> Your POC triggering the UAF is welcome, and when you post it, feel free
> to attach any patch relevant you saw.

Two seconds ... If no CVE number assigned to the uaf yet, go to register
it to the CVE system with your POC and all the patches you know survived
your tests before replying to this mail thread.

Dan please help Zhenpeng if he has big difficulty registering a CVE.

> 
> Thanks
> Hillf
> 
> [1] Re: [syzbot] INFO: trying to register non-static key in rxe_cleanup_task - syzbot (kernel.org)

The link should have been
  https://lore.kernel.org/lkml/000000000000f0980c05e5565f2d@google.com/

> 
> ----- Original Message -----
> From: Zhenpeng Lin <zplin@u.northwestern.edu>
> To: hdanton@sina.com
> Subject: Fixing a severe kernel bug
> Date: 2022-08-02 11:41
> 
> Hi Hillf,
> 
> This is Zhenpeng Lin from Northwestern University, I noticed that there
> are some discussions(https://groups.google.com/g/syzkaller-bugs/c/biJRUL5LBM4/m/0v1148e5AwAJ 
> where you are involved) about a kernel bug found in `cls route4` subsystem.
> 
> I just want to let you know that the bug is very severe and could lead to
> privilege escalation very easily. This bug has multiple error behaviors, it
> shows an ODEBUG bug here but actually could cause a use-after-free and
> double-free error, which could be exploited easily.
> 
> If you would like a POC of triggering UAF, let me know and I will be happy
> to show it.
> 
> I saw there already has a patch for that but has not been committed to
> upstream since Jun, I wonder if you could go ahead and fix the bug as soon
> as possible.
> 
> If you have any questions or concerns, I would be happy to help. 
> 
> Best,
> Zhenpeng

