Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability

From: LidongLI
Date: Tue Aug 06 2024 - 22:12:13 EST

Next message: Nicolin Chen: "[PATCH v11 0/9] Add Tegra241 (Grace) CMDQV Support (part 1/2)"
Previous message: Andrew Jeffery: "Re: [PATCH v2 0/5] Update the device tree for Ampere's BMC platform"
In reply to: Theodore Ts'o: "Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear

Yes, dev.reset does indeed require root privileges, but what we find abnormal is, as I noted in the POC, a normal reset is not problematic. However, after time.sleep(0.1), it triggers some issues.

import usb.core
dev = usb.core.find(idVendor=0xb58e, idProduct=0x0005)
time.sleep(0.1) # It actually needs a sleep of 0.1 or 0.2 seconds to take effect; otherwise, it follows normal development logic. For example, when there is an exception error like 'resource busy', a dev.reset is required.
dev.reset()

Thank you for your response. Yes, I am able to test patches. Please provide the necessary patches, and I will conduct the tests to verify their effectiveness.

Best regards

Next message: Nicolin Chen: "[PATCH v11 0/9] Add Tegra241 (Grace) CMDQV Support (part 1/2)"
Previous message: Andrew Jeffery: "Re: [PATCH v2 0/5] Update the device tree for Ampere's BMC platform"
In reply to: Theodore Ts'o: "Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]