oss-security - Re: KASAN: use-after-free in con

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Date: Wed, 3 Feb 2021 08:19:09 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: ???? <zhaowenjia@....xjtu.edu.cn>
Cc: security@...nel.org, oss-security@...ts.openwall.com,
	jirislaby@...nel.org, nico@...xnic.net
Subject: Re: KASAN: use-after-free in con_scroll

On Wed, Feb 03, 2021 at 03:04:55PM +0800, ???? wrote:
> Dear Linux kernel developers,
> 
> I found a crash "KASAN: use-after-free in con_scroll+0x45c/0x620 drivers/tty/vt/vt.c:641"  when running the syzkaller,  
> 
> It is can be reproduced. I did not find a report about this problem. Hope it is useful.
> 
> 
> 
> 
> Linux version: Linux v5.9-rc8 (549738f15)
> 
> 
> The following is the crash report.
> 
> ==================================================================
> 
> BUG: KASAN: use-after-free in scr_memmovew include/linux/vt_buffer.h:68 [inline]
> BUG: KASAN: use-after-free in con_scroll+0x45c/0x620 drivers/tty/vt/vt.c:641
> Read of size 693770 at addr ffff8880000b894c by task syz-executor.2/7755
> 
> CPU: 0 PID: 7755 Comm: syz-executor.2 Not tainted 5.1.0 #4

5.1.0 is _VERY_ old, please try reproducing this on a more modern kernel
(i.e. 5.10 or newer).

thanks,

greg k-h

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.