/srv/irclogs.ubuntu.com/2021/05/11/#ubuntu-kernel.txt

[19:12] <ETenal> Hi developers, I found several critical patches from upstream haven't been applied to the Ubuntu kernel yet. "Bluetooth: verify AMP hci_chan before amp_destroy" (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3) was trying to fix "KASAN: use-after-free Read in hci_send_acl" (https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1). Even though
[19:12] <ETenal> the bug was titled as UAF read, I found several memory write primitives behind the UAF read which makes this bug high-risk. The details can be found at https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl
[19:15] <sarnold> hey ETenal, the syzscope folks were kind enough to send along a note https://lists.ubuntu.com/archives/ubuntu-devel/2021-May/041454.html
[19:15] <sarnold> it's a real pity they didn't ask the google CNA to assign CVEs with these detailed notes, that would benefit not only ubuntu but also the other distributions
[19:18] <sarnold> oh well, I'm sure they'll get that started sooner or later; that'd be an easy way to make the most of their pretty neat symbolic execution tools
[20:07] <ETenal> Hi sarnold, thanks for the suggestion. SyzScope is my ongoing research project, I sent the message again in IRC chat since I didn't get any replies from the email. Therefore I'm trying my best to reach out to Ubuntu kernel developers in IRC chat. I'm so glad to know that our messages have been received. Thanks for your suggestions again, we were thinking about applying for CVEs for them, but I don't know if they would assign CVEs for
[20:07] <ETenal> patched bugs. Anyway, we will try to do this.
[20:08] <sarnold> ETenal: ah!
[20:08] <sarnold> ETenal: cool cool. it looks like neat stuff.
[20:08] <sarnold> ETenal: we've just got a few tire fires going on already..
[20:09] <sarnold> ETenal: *please* do talk with the google cna about assigning cves to these things; prioritizing the gigantic backlog of syzkaller findings based on your results seems like a very useful thing to do, again, not just for us, but everybody else
[20:13] <ETenal> Thanks for the suggestions and appreciation. It means a lot to us.
[20:14] <sarnold> ETenal: woot! :D
