subject:"usb\/wireless\/rsi_91x\: use\-after\-free write in __run_timers"

Re: usb/wireless/rsi_91x: use-after-free write in __run_timers

2017-09-25 Thread Kalle Valo

Andrey Konovalov writes: > On Mon, Sep 25, 2017 at 6:26 AM, Kalle Valo wrote: >> Andrey Konovalov writes: >> >>> I've got the following report while fuzzing the kernel with syzkaller. >>> >>> On commit 6e80ecdddf4ea6f3cd84e83720f3d852e6624a68 (Sep 21). >>> >>> ==

Re: usb/wireless/rsi_91x: use-after-free write in __run_timers

2017-09-25 Thread Andrey Konovalov

On Mon, Sep 25, 2017 at 6:26 AM, Kalle Valo wrote: > Andrey Konovalov writes: > >> I've got the following report while fuzzing the kernel with syzkaller. >> >> On commit 6e80ecdddf4ea6f3cd84e83720f3d852e6624a68 (Sep 21). >> >> == >>

Re: usb/wireless/rsi_91x: use-after-free write in __run_timers

2017-09-24 Thread Kalle Valo

Andrey Konovalov writes: > I've got the following report while fuzzing the kernel with syzkaller. > > On commit 6e80ecdddf4ea6f3cd84e83720f3d852e6624a68 (Sep 21). > > == > BUG: KASAN: use-after-free in __run_timers+0xc0e/0xd40 > Writ

usb/wireless/rsi_91x: use-after-free write in __run_timers

2017-09-22 Thread Andrey Konovalov

Hi! I've got the following report while fuzzing the kernel with syzkaller. On commit 6e80ecdddf4ea6f3cd84e83720f3d852e6624a68 (Sep 21). == BUG: KASAN: use-after-free in __run_timers+0xc0e/0xd40 Write of size 8 at addr 880069f701