Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAEF3R_5ojvtyejQHGAuJXQ96xDZ3zq9H9Tm8nyh1NxN+1z2UAg@mail.gmail.com>
Date: Tue, 8 Nov 2022 11:47:40 -0800
From: Adam Reynolds <adamajreynolds@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2022-2602 - Linux kernel io_uring UAF

On Mon, Nov 7, 2022 at 7:30 AM John Smith <smitchj013@...look.com> wrote:
>
> Hello.
>
> Do anyone try this PoC? On my side it's not working on 5.4, 5.10 and 5.15 with KASAN on. KASAN is quiet.  Any ideas?
>
> 27.10.2022, 21:05, "Thadeu Lima de Souza Cascardo" <cascardo@...onical.com>:
> > On Tue, Oct 18, 2022 at 01:59:51PM -0300, Thadeu Lima de Souza Cascardo wrote:
> >
> >     Sorry about posting this late, but here it is.
> >     poc.c
> >     Cascardo.
>

I ran this against both 5.15.68 and 6.1-rc2 and did not see this, only
a memory leak reported by asan:

adreynol@...M-HOMEDESK ~> sudo ./uaf_iouring

=================================================================
==182==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x4cfa97 in __interceptor_malloc
(/home/adreynol/uaf_iouring+0x4cfa97) (BuildId:
2e78344ef59fbab75b1384f5e47ad697da629367)
    #1 0x512dac in main (/home/adreynol/uaf_iouring+0x512dac)
(BuildId: 2e78344ef59fbab75b1384f5e47ad697da629367)
    #2 0x7fb49165150f in __libc_start_call_main
(/lib64/libc.so.6+0x2950f) (BuildId:
85c438f4ff93e21675ff174371c9c583dca00b2c)

SUMMARY: AddressSanitizer: 120 byte(s) leaked in 1 allocation(s).

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.