On Mon, Jul 04, 2022 at 01:54:17PM +0200, Greg KH wrote:
On Mon, Jul 04, 2022 at 02:26:19PM +0300, Dan Carpenter wrote:
On Fri, Jul 01, 2022 at 06:08:29AM -0700, Soumya Negi wrote:
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git 3f8a27f9e27bd78604c0709224cec0ec85a8b106
From 3aa5aaffef64a5574cbdb3f5c985bc25b612140c Mon Sep 17 00:00:00 2001
From: Soumya Negi <soumya.negi97@gmail.com>
Date: Fri, 1 Jul 2022 04:52:17 -0700
Subject: [PATCH] isdn: capi: Add check for controller count in detach_capi_ctr()
Fixes Syzbot bug: https://syzkaller.appspot.com/bug?id=14f4820fbd379105a71fdee357b0759b90587a4...
This patch checks whether any ISDN devices are registered before unregistering a CAPI controller (device). Without the check, the controller struct capi_str results in out-of-bounds access bugs to other CAPI data structures in detach_capi_ctr() as seen in the bug report.
This bug was already fixed by commit 1f3e2e97c003 ("isdn: cpai: check ctr->cnr to avoid array index out of bound").
It just needs to be backported. Unfortunately there was no Fixes tag so it wasn't picked up. Also I'm not sure how backports work in netdev.
That commit has already been backported quite a while ago and is in the following releases:
	4.4.290 4.9.288 4.14.253 4.19.214 5.4.156 5.10.76 5.14.15 5.15
Thanks for letting me know. Is there a way I can check whether an open syzbot bug already has a fix as in this case? Right now I am thinking of running the reproducer on linux-next as well before starting on a bug.
-Soumya
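
The kind of check this thread is about, validating a controller's number before it is used as an array index on detach, shown as an added user-space example; it is not the kernel code or either patch from the thread. The struct, the table size `MAX_CONTR` and the function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

#define MAX_CONTR 4                 /* assumed table size for this model */

struct ctr { int cnr; };            /* 1-based controller number; 0 = not attached */

static struct ctr *table[MAX_CONTR];
static int ncontrollers;

/* Register a controller in the first free slot and assign its number. */
int attach_ctr(struct ctr *c)
{
    for (int i = 0; i < MAX_CONTR; i++) {
        if (table[i] == NULL) {
            table[i] = c;
            c->cnr = i + 1;
            ncontrollers++;
            return 0;
        }
    }
    return -EBUSY;
}

/* Unregister a controller, validating cnr before it is used as an index. */
int detach_ctr(struct ctr *c)
{
    /* Without this range check, cnr == 0 would index table[-1]. */
    if (c->cnr < 1 || c->cnr > MAX_CONTR)
        return -EINVAL;
    /* The slot must actually hold this controller. */
    if (table[c->cnr - 1] != c)
        return -EINVAL;
    table[c->cnr - 1] = NULL;
    ncontrollers--;
    c->cnr = 0;                     /* a second detach is now rejected */
    return 0;
}

int main(void)
{
    struct ctr a = {0}, never_attached = {0};
    attach_ctr(&a);
    printf("detach never-attached: %d\n", detach_ctr(&never_attached));
    printf("detach attached:       %d\n", detach_ctr(&a));
    printf("detach again:          %d\n", detach_ctr(&a));
    return 0;
}
```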