oss-sec mailing list archives
Re: CVE-2022-2602 - Linux kernel io_uring UAF
From: Adam Reynolds <adamajreynolds () gmail com>
Date: Tue, 8 Nov 2022 11:47:40 -0800
On Mon, Nov 7, 2022 at 7:30 AM John Smith <smitchj013 () outlook com> wrote:
> Hello. Did anyone try this PoC? On my side it's not working on 5.4, 5.10 and 5.15 with KASAN on. KASAN is quiet. Any ideas?
>
> 27.10.2022, 21:05, "Thadeu Lima de Souza Cascardo" <cascardo () canonical com>:
>> On Tue, Oct 18, 2022 at 01:59:51PM -0300, Thadeu Lima de Souza Cascardo wrote:
>>
>> Sorry about posting this late, but here it is.
>>
>> poc.c
>>
>> Cascardo.

I ran this against both 5.15.68 and 6.1-rc2 and did not see this, only a memory leak reported by asan:

adreynol@ADAM-HOMEDESK ~> sudo ./uaf_iouring

=================================================================
==182==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 120 byte(s) in 1 object(s) allocated from:
    #0 0x4cfa97 in __interceptor_malloc (/home/adreynol/uaf_iouring+0x4cfa97) (BuildId: 2e78344ef59fbab75b1384f5e47ad697da629367)
    #1 0x512dac in main (/home/adreynol/uaf_iouring+0x512dac) (BuildId: 2e78344ef59fbab75b1384f5e47ad697da629367)
    #2 0x7fb49165150f in __libc_start_call_main (/lib64/libc.so.6+0x2950f) (BuildId: 85c438f4ff93e21675ff174371c9c583dca00b2c)

SUMMARY: AddressSanitizer: 120 byte(s) leaked in 1 allocation(s).