* security_inode_follow_link: KASAN UAF localization report
@ 2026-06-08 5:31 David Maximiliano Hermitte
0 siblings, 0 replies; only message in thread
From: David Maximiliano Hermitte @ 2026-06-08 5:31 UTC (permalink / raw)
To: paul
Cc: jmorris, serge, viro, brauner, jack, linux-security-module,
linux-fsdevel, linux-kernel, David Maximiliano Hermitte
Hello,
I reproduced this issue locally in a QEMU/TCG VM and I can confirm a valid BEFORE signal.
Summary of the local evidence:
- Reproducer started: yes
- KASAN seen: yes
- use-after-free seen: yes
- target function seen: security_inode_follow_link
- target file seen: security/security.c
- Call Trace seen: yes
- RIP seen: yes
- BEFORE validation: true
At this point I am treating this as a localization report, not as a final patch submission.
The trace points to the security_inode_follow_link / link-follow path. I would prefer not to guess the final fix, since I do not yet have a validated AFTER patch for this issue.
I can provide the reproducer evidence and retest any proposed patch if helpful.
Thanks,
David
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-08 5:31 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-08 5:31 security_inode_follow_link: KASAN UAF localization report David Maximiliano Hermitte
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox