17 Sep
2022
17 Sep
'22
4:14 a.m.
On 9/16/22 15:47, Tadeusz Struk wrote:
Syzbot found an issue in usbmon where it can corrupt monitor internal memory causing the usbmon to crash with segfault, UAF, etc. The reproducer mmaps the /dev/usbmon memory to userspace and overwrites it with arbitrary data, which causes the issues. To prevent that explicitly clear the VM_WRITE flag in mon_bin_mmap().
Cc:linux-usb@vger.kernel.org Cc:linux-kernel@vger.kernel.org Cc:stable@vger.kernel.org Fixes: 6f23ee1fefdc ("USB: add binary API to usbmon") Link:https://syzkaller.appspot.com/bug?id=2eb1f35d6525fa4a74d75b4244971e5b1411c95... Signed-off-by: Tadeusz Struktadeusz.struk@linaro.org
I forgot to add: Reported-by: syzbot+23f57c5ae902429285d7@syzkaller.appspotmail.com
--
Thanks,
Tadeusz