Several high-risk bugs' patches haven't been applied on latest Ubuntu kernel.
SyzScope
syzscope at gmail.com
Thu May 6 00:36:31 UTC 2021
Hi,
This is SyzScope, a research project that aims to reveal high-risk
primitives from a seemingly low-risk bug (UAF/OOB read, WARNING, BUG, etc.).
We noticed that Ubuntu did a good job of applying patches for
high-risk bugs (OOB/UAF write), but Ubuntu hasn't always applied patches
for seemingly low-risk bugs.
However, some of those seemingly low-risk bugs are in fact high-risk bugs.
SyzScope discovered at least one high-risk primitive (memory
write/func-ptr-deref) in the bugs below, but their patches seem not to
have been applied on Ubuntu -groovy.
Regarding the bug "KASAN: use-after-free Read in hci_send_acl"
(https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1),
SyzScope reports 51 memory write primitives from this bug. The detailed
comments can be found at
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl
Regarding the bug "KASAN: use-after-free Read in cipso_v4_genopt"
(https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e),
SyzScope reports 6 memory write primitives from this bug. The detailed
comments can be found at
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt
Regarding the bug "KASAN: use-after-free Read in path_init (2)"
(https://syzkaller.appspot.com/bug?id=a13951ba83ba7ba6e67fa8b504e8bc31f61616cb),
SyzScope reports 86 memory write primitives from this bug. The detailed
comments can be found at
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-path_init-2
The bugs above are a portion of our findings; we are happy to provide
more if they benefit the Ubuntu community.
Please let us know if SyzScope indeed helps, and send us any suggestions/feedback.
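The e-mail's point is that fixes for these bugs are absent from the Ubuntu kernel. As an added example (not code from SyzScope, syzkaller or Ubuntu), the Python below shows one way a distribution maintainer can check a kernel branch for such fixes: parse `git log --format='%H%x09%s'` output and look for the upstream fix commit's subject line. The e-mail gives no fix commit ids, so the fix subjects and the log lines here are constructed placeholders; the code also strips Ubuntu's `UBUNTU: SAUCE:` prefix on the assumption that a backport may have been carried that way.

```python
"""Check whether the upstream fixes for given syzkaller bugs appear in a kernel branch.

Added example, not part of the SyzScope e-mail. Assumptions: the upstream fix
commit subject for each bug is known (constructed placeholders below), and the
branch is inspected through `git log --format='%H%x09%s'`.
"""
import re
import subprocess
from dataclasses import dataclass

# Ubuntu carries distro-specific or early backports under this prefix (assumption
# about how a backport might have been applied; upstream subjects usually unchanged).
_SAUCE_PREFIX = re.compile(r"^UBUNTU: SAUCE: ")


@dataclass(frozen=True)
class Finding:
    title: str         # syzkaller bug title, as quoted in the e-mail
    fix_subject: str   # subject of the upstream fix commit (placeholder here)


# Constructed bug list: titles are from the e-mail, fix subjects are placeholders.
FINDINGS = [
    Finding("KASAN: use-after-free Read in hci_send_acl",
            "Bluetooth: placeholder fix for hci_send_acl"),
    Finding("KASAN: use-after-free Read in cipso_v4_genopt",
            "net: placeholder fix for cipso_v4_genopt"),
    Finding("KASAN: use-after-free Read in path_init (2)",
            "fs: placeholder fix for path_init"),
]

# Constructed `git log --format='%H%x09%s'` output for a hypothetical Ubuntu branch:
# one fix carried as SAUCE, one applied verbatim, one (hci_send_acl) missing.
SAMPLE_LOG = (
    "1111111111111111111111111111111111111111\tUBUNTU: SAUCE: net: placeholder fix for cipso_v4_genopt\n"
    "2222222222222222222222222222222222222222\tUBUNTU: Ubuntu-5.8.0-placeholder\n"
    "3333333333333333333333333333333333333333\tfs: placeholder fix for path_init\n"
)


def normalize_subject(subject: str) -> str:
    """Drop the Ubuntu SAUCE prefix so a SAUCE-carried backport matches upstream."""
    return _SAUCE_PREFIX.sub("", subject.strip())


def parse_git_log(text: str) -> dict:
    """Map normalized commit subject -> first (newest) hash seen with that subject."""
    subjects = {}
    for line in text.splitlines():
        if "\t" not in line:
            continue  # tolerate blank or malformed lines
        commit_hash, subject = line.split("\t", 1)
        subjects.setdefault(normalize_subject(subject), commit_hash)
    return subjects


def missing_fixes(findings, log_text: str) -> list:
    """Return the titles of findings whose fix subject is absent from the log."""
    present = parse_git_log(log_text)
    return [f.title for f in findings if normalize_subject(f.fix_subject) not in present]


def git_log_text(repo_path: str, ref: str) -> str:
    """Fetch real log output for a local checkout (not used by the offline demo)."""
    result = subprocess.run(
        ["git", "-C", repo_path, "log", "--format=%H%x09%s", ref],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    for title in missing_fixes(FINDINGS, SAMPLE_LOG):
        print("fix not found in branch:", title)
```

To check a real tree, replace `SAMPLE_LOG` with `git_log_text("/path/to/ubuntu-kernel", "origin/master")` and fill in the actual upstream fix subjects; matching on subject is a heuristic, so a hit should be confirmed with `git show` (a backport may be partial), and a miss may also mean the subject was reworded.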