Re: KASAN: stack-out-of-bounds Write in mpol_to_str
From: Andrew Morton
Date: Sat Mar 21 2020 - 02:45:23 EST
On Fri, 20 Mar 2020 12:36:38 +0400 Entropy Moe <3ntr0py1337@xxxxxxxxx> wrote:
> Hello Randy,
> please see attached POC for the vulnerability.
>
Thanks. Ouch. afaict shmem's S_IFREG inode's mpol's preferred_node is
messed up.
I don't think anyone has worked on this code in a decade or more. Is
someone up to taking a look please?
> On Mon, Mar 16, 2020 at 10:46 PM Randy Dunlap <rdunlap@xxxxxxxxxxxxx> wrote:
>
> > On 3/15/20 12:57 PM, Entropy Moe wrote:
> > > Hello team,
> > > how are you ?
> > > I wanted to report a bug on mempolicy.c. I found the bug on the latest
> > version of the kernel.
> > >
> > > which is stack out of bound vulnerability.
> > >
> > > I am attaching report.
> > >
> > > If you need the POC crash code, I can provide.
> >
> > Hi Moe,
> >
> > Please post the POC code and your kernel .config file.
> >
> > thanks.
> > --
> > ~Randy
> >
> >