From: Yang Yingliang
Date: Tue, 10 Sep 2019 18:56:57 +0800
> I got a UAF repport in tun driver when doing fuzzy test:
...
> tun_chr_read_iter() accessed the memory which freed by free_netdev()
> called by tun_set_iff():
>
> CPUA CPUB
> tun_set
On 2019/9/10 下午6:56, Yang Yingliang wrote:
I got a UAF repport in tun driver when doing fuzzy test:
[ 466.269490]
==
[ 466.271792] BUG: KASAN: use-after-free in tun_chr_read_iter+0x2ca/0x2d0
[ 466.271806] Read of size 8 at add
I got a UAF repport in tun driver when doing fuzzy test:
[ 466.269490]
==
[ 466.271792] BUG: KASAN: use-after-free in tun_chr_read_iter+0x2ca/0x2d0
[ 466.271806] Read of size 8 at addr 888372139250 by task tun-test/2699
[ 466
