Re: KASAN: use-after-free Read in hci_chan_del

From: SyzScope
Date: Fri Jun 04 2021 - 13:11:08 EST

Next message: Valentin Schneider: "Re: [PATCH v8 06/19] cpuset: Don't use the cpu_possible_mask as a last resort for cgroup v1"
Previous message: Nadav Amit: "Re: [PATCH v2 0/4] iommu/amd: Enable page-selective flushes"
In reply to: Greg KH: "Re: KASAN: use-after-free Read in hci_chan_del"
Next in thread: Greg KH: "Re: KASAN: use-after-free Read in hci_chan_del"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Greg,

Who is working on and doing this "reseach project"?

We are a group of researchers from University of California, Riverside (we introduced ourselves in an earlier email to security@xxxxxxxxxx if you recall). Please allow us to articulate the goal of our research. We'd be happy to hear your feedback and suggestions.

And what is it
doing to actually fix the issues that syzbot finds? Seems like that
would be a better solution instead of just trying to send emails saying,
in short "why isn't this reported issue fixed yet?"

From our limited understanding, we know a key problem with syzbot bugs is that there are too many of them - more than what can be handled by developers and maintainers. Therefore, it seems some form of prioritization on bug fixing would be helpful. The goal of the SyzScope project is to *automatically* analyze the security impact of syzbot bugs, which helps with prioritizing bug fixes. In other words, when a syzbot bug is reported, we aim to attach a corresponding security impact "signal" to help developers make an informed decision on which ones to fix first.

Currently, SyzScope is a standalone prototype system that we plan to open source. We hope to keep developing it to make it more and more useful and have it eventually integrated into syzbot (we are in talks with Dmitry).

We are happy to talk more offline (perhaps even in a zoom meeting if you would like). Thanks in advance for any feedback and suggestions you may have.

On 6/4/2021 2:48 AM, Greg KH wrote:

On Tue, May 04, 2021 at 02:50:03PM -0700, ETenal wrote:

Hi,

This is SyzScope, a research project that aims to reveal high-risk
primitives from a seemingly low-risk bug (UAF/OOB read, WARNING, BUG, etc.).

Who is working on and doing this "reseach project"? And what is it
doing to actually fix the issues that syzbot finds? Seems like that
would be a better solution instead of just trying to send emails saying,
in short "why isn't this reported issue fixed yet?"

thanks,

greg k-h

Next message: Valentin Schneider: "Re: [PATCH v8 06/19] cpuset: Don't use the cpu_possible_mask as a last resort for cgroup v1"
Previous message: Nadav Amit: "Re: [PATCH v2 0/4] iommu/amd: Enable page-selective flushes"
In reply to: Greg KH: "Re: KASAN: use-after-free Read in hci_chan_del"
Next in thread: Greg KH: "Re: KASAN: use-after-free Read in hci_chan_del"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]