Re: KASAN: use-after-free Write in keyspan_close

From: Rondreis
Date: Wed Sep 21 2022 - 11:45:34 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.19 01/38] of: fdt: fix off-by-one error in unflatten_dt_nodes()"
Previous message: Greg KH: "Re: [PATCH 0/2] Fix some hotplug event issues"
In reply to: Greg KH: "Re: KASAN: use-after-free Write in keyspan_close"
Next in thread: Greg KH: "Re: KASAN: use-after-free Write in keyspan_close"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thank you for your reply!

This is a “fake” device. We emulated some functions with the built-in
gadget module as a virtual device side for fuzzing. It can pass through
the matching phase and, to some extent the probing phase.
As you said, the configuration options are correct.

After a successful attachment, we extracted the file_operations
of the device files on both sides to find the corresponding system calls.
Later, by fuzzing the dual-sided device with system calls, it is
equivalent to considering data threats from both peripheral and user space.

We are open to any suggestions and hope to submit a patch capable
of fixing this bug in the near future.

Best Regards,
Rondreis

Next message: Greg Kroah-Hartman: "[PATCH 5.19 01/38] of: fdt: fix off-by-one error in unflatten_dt_nodes()"
Previous message: Greg KH: "Re: [PATCH 0/2] Fix some hotplug event issues"
In reply to: Greg KH: "Re: KASAN: use-after-free Write in keyspan_close"
Next in thread: Greg KH: "Re: KASAN: use-after-free Write in keyspan_close"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]