Date: Wed, 2 Jun 2021 19:56:32 +0200
From: Greg KH
To: SyzScope
Cc: Luis Chamberlain, syzbot, Martin Fuzzey, Shuah Khan, linux-kernel@vger.kernel.org, rafael@kernel.org, sunjunyong@xiaomi.com, sunjy516@gmail.com, syzkaller-bugs@googlegroups.com
Subject: Re: [syzbot] KASAN: use-after-free Read in fw_load_sysfs_fallback

On Wed, Jun 02, 2021 at 10:08:39AM -0700, SyzScope wrote:
> Hi,
> We have analyzed this bug and realize that it is security-critical.
> Specifically, according to our investigation, it will lead to a
> use-after-free write (instead of the originally reported use-after-free
> read) and thus highly likely exploitable. More details can be found at:
>
> https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-fw_load_sysfs_fallback
>
>
> We understand that creating a patch can be time-consuming and there is
> probably a long list of bugs pending fixes. We hope that our security
> analysis can enable an informed decision on which bugs to fix first
> (prioritization).
>
> Since the bug has been on syzbot for over two months (first found on
> 03-22-2020), it is best to have the bug fixed early enough to avoid it being
> weaponized.

Great, please work to provide a fix! See the archives for more details
if you are curious about this.

thanks,

greg k-h