KMSAN Trophies

Alexander Potapenko edited this page Jun 7, 2018 · 4 revisions

Trophies

  1. tmp.b_page uninitialized in generic_block_bmap()

  2. strlen() called on non-terminated string in bind() for AF_PACKET

  3. too short socket address passed to selinux_socket_bind()

    • Status: reported upstream

  4. uninitialized msg.msg_flags in recvfrom syscall

  5. incorrect input length validation in nl_fib_input()

  6. uninitialized sockc.tsflags in udpv6_sendmsg()

  7. incorrect input length validation in packet_getsockopt()

  8. incorrect input length validation in raw_send_hdrinc() and rawv6_send_hdrinc()

  9. missing check of nlmsg_parse() return value in rtnl_fdb_dump()

  10. Linux kernel 2.6.0 to 4.12-rc4 infoleak due to a data race in ALSA timer (CVE-2017-1000380)

    • Status: fixed upstream (1, 2)

  11. strlen() incorrectly called on user-supplied memory in dev_set_alias()

  12. waitid() copies uninitialized data to userspace (CVE-2017-14954)

  13. local infoleak via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0 (CVE-2017-14991)

  14. Uninitialized TCP request hash used in cookie_v[46]_check()

  15. _sctp_walk_params() and _sctp_walk_errors() dereference uninitialized pointers

  16. sctp_v6_to_addr() compared addresses to uninit data

  17. tun_get_user() accesses uninitialized data if skb->len is 0

  18. sctp_inet6_skb_msgname() leaks 4 bytes to the userspace

  19. Use of uninitialized memory in inet_ehash_insert()

  20. Buffer overflow in verify_address_len()

    • Status: fixed upstream (https://github.com/torvalds/linux/commit/06b335cb51af018d5feeff5dd4fd53847ddb675a) by Eric Biggers

  21. Insufficient validation of user provided tunnel names in vti6_tnl_create()

  22. Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

Confirmed bug reports by others:

  1. deprecated_sysctl_warning() reads uninit memory
  2. struct sockaddr length not checked in llcp_sock_connect()
  3. uninitialized default host->id in nvmf_host_default()