oss-sec mailing list archives

Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master

From: Marco Grassi <marco.gra () gmail com>
Date: Mon, 15 Aug 2016 16:10:57 +0800

I just tried several times, but there is some filter that doesn't get along
well with the content or with my gmail.

The message keeps not getting delivered.

Marco

On Mon, Aug 15, 2016 at 3:54 PM, Greg KH <greg () kroah com> wrote:

On Mon, Aug 15, 2016 at 09:20:17AM +0800, Marco Grassi wrote:

Hello, this program will cause a use after free of read 4 in
tcp_xmit_retransmit_queue or other tcp_ functions, often in another

totally

unrelated process.

reproducer + KASAN report is provided, tested on master available at the
time of writing and on 4.8 rc1


Did you send this to the netdev () vger kernel org mailing list so that it
can get fixed?  I don't see it there :(

thanks,

greg k-h

Current thread:

Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 14)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
  - Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
    - Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 15)
    - Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Marco Grassi (Aug 15)
    - Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master Greg KH (Aug 16)
- Re: Linux tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master cve-assign (Aug 17)