* [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14
@ 2025-07-08 7:21 Luka
2025-07-08 7:49 ` Greg KH
2025-07-08 8:46 ` Jiri Slaby
0 siblings, 2 replies; 6+ messages in thread
From: Luka @ 2025-07-08 7:21 UTC (permalink / raw)
To: Jiri Slaby; +Cc: linux-kernel, linux-serial
Dear Linux Kernel Maintainers,
I hope this message finds you well.
I am writing to report a potential vulnerability I encountered during
testing of the Linux Kernel version v6.14.
Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14)
Bug Location: drivers/tty/vt/keyboard.c
Bug report: https://pastebin.com/yuVJpati
Complete log: https://pastebin.com/qKnipvvK
Entire kernel config: https://pastebin.com/MRWGr3nv
Root Cause Analysis:
The vt_do_diacrit() function in the virtual terminal subsystem
performs a write to a user-space pointer via __put_user_4() without
ensuring that the destination address is mapped and accessible.
Under conditions such as memory allocation failure or page table
unavailability, this leads to a fault during execution of the mov
%eax, (%rcx) instruction.
At present, I have not yet obtained a minimal reproducer for this
issue. However, I am actively working on reproducing it, and I will
promptly share any additional findings or a working reproducer as soon
as it becomes available.
Thank you very much for your time and attention to this matter. I
truly appreciate the efforts of the Linux kernel community.
Best regards,
Luka
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14
2025-07-08 7:21 [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14 Luka
@ 2025-07-08 7:49 ` Greg KH
2025-07-09 7:07 ` Krzysztof Kozlowski
2025-07-08 8:46 ` Jiri Slaby
1 sibling, 1 reply; 6+ messages in thread
From: Greg KH @ 2025-07-08 7:49 UTC (permalink / raw)
To: Luka; +Cc: Jiri Slaby, linux-kernel, linux-serial
On Tue, Jul 08, 2025 at 03:21:36PM +0800, Luka wrote:
> Dear Linux Kernel Maintainers,
>
> I hope this message finds you well.
>
> I am writing to report a potential vulnerability I encountered during
> testing of the Linux Kernel version v6.14.
>
> Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14)
>
> Bug Location: drivers/tty/vt/keyboard.c
>
> Bug report: https://pastebin.com/yuVJpati
>
> Complete log: https://pastebin.com/qKnipvvK
>
> Entire kernel config: https://pastebin.com/MRWGr3nv
>
> Root Cause Analysis:
> The vt_do_diacrit() function in the virtual terminal subsystem
> performs a write to a user-space pointer via __put_user_4() without
> ensuring that the destination address is mapped and accessible.
Where? I see calls to put_user() happening in that function, and the
return value is properly checked. What lines exactly show the issue?
> Under conditions such as memory allocation failure or page table
> unavailability, this leads to a fault during execution of the mov
> %eax, (%rcx) instruction.
Again, a normal call to put_user() should be catching this. Are you
sure you are looking at the latest kernel tree?
> At present, I have not yet obtained a minimal reproducer for this
> issue. However, I am actively working on reproducing it, and I will
> promptly share any additional findings or a working reproducer as soon
> as it becomes available.
Please do.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14
2025-07-08 7:21 [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14 Luka
2025-07-08 7:49 ` Greg KH
@ 2025-07-08 8:46 ` Jiri Slaby
2025-07-09 7:07 ` Krzysztof Kozlowski
1 sibling, 1 reply; 6+ messages in thread
From: Jiri Slaby @ 2025-07-08 8:46 UTC (permalink / raw)
To: Luka; +Cc: linux-kernel, linux-serial
On 08. 07. 25, 9:21, Luka wrote:
> Dear Linux Kernel Maintainers,
>
> I hope this message finds you well.
>
> I am writing to report a potential vulnerability I encountered during
> testing of the Linux Kernel version v6.14.
>
> Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14)
>
> Bug Location: drivers/tty/vt/keyboard.c
>
> Bug report: https://pastebin.com/yuVJpati
>
> Complete log: https://pastebin.com/qKnipvvK
>
> Entire kernel config: https://pastebin.com/MRWGr3nv
>
> Root Cause Analysis:
> The vt_do_diacrit() function in the virtual terminal subsystem
> performs a write to a user-space pointer via __put_user_4() without
> ensuring that the destination address is mapped and accessible.
> Under conditions such as memory allocation failure or page table
> unavailability, this leads to a fault during execution of the mov
> %eax, (%rcx) instruction.
Which is exactly how it should behave, right? If #PF, then it jumps to
__put_user_handle_exception and returns EFAULT.
regards,
--
js
suse labs
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14
2025-07-08 7:49 ` Greg KH
@ 2025-07-09 7:07 ` Krzysztof Kozlowski
2025-07-09 10:15 ` Greg KH
0 siblings, 1 reply; 6+ messages in thread
From: Krzysztof Kozlowski @ 2025-07-09 7:07 UTC (permalink / raw)
To: Greg KH, Luka; +Cc: Jiri Slaby, linux-kernel, linux-serial
On 08/07/2025 09:49, Greg KH wrote:
> On Tue, Jul 08, 2025 at 03:21:36PM +0800, Luka wrote:
>> Dear Linux Kernel Maintainers,
>>
>> I hope this message finds you well.
>>
>> I am writing to report a potential vulnerability I encountered during
>> testing of the Linux Kernel version v6.14.
>>
>> Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14)
>>
>> Bug Location: drivers/tty/vt/keyboard.c
>>
>> Bug report: https://pastebin.com/yuVJpati
>>
>> Complete log: https://pastebin.com/qKnipvvK
>>
>> Entire kernel config: https://pastebin.com/MRWGr3nv
>>
>> Root Cause Analysis:
>> The vt_do_diacrit() function in the virtual terminal subsystem
>> performs a write to a user-space pointer via __put_user_4() without
>> ensuring that the destination address is mapped and accessible.
>
> Where? I see calls to put_user() happening in that function, and the
> return value is properly checked. What lines exactly show the issue?
Greg,
Please don't waste time on this bot. It is AI generated spam. The person
learnt nothing from previous feedback.
I suggest ignoring completely.
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14
2025-07-08 8:46 ` Jiri Slaby
@ 2025-07-09 7:07 ` Krzysztof Kozlowski
0 siblings, 0 replies; 6+ messages in thread
From: Krzysztof Kozlowski @ 2025-07-09 7:07 UTC (permalink / raw)
To: Jiri Slaby, Luka; +Cc: linux-kernel, linux-serial
On 08/07/2025 10:46, Jiri Slaby wrote:
> On 08. 07. 25, 9:21, Luka wrote:
>> Dear Linux Kernel Maintainers,
>>
>> I hope this message finds you well.
>>
>> I am writing to report a potential vulnerability I encountered during
>> testing of the Linux Kernel version v6.14.
>>
>> Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14)
>>
>> Bug Location: drivers/tty/vt/keyboard.c
>>
>> Bug report: https://pastebin.com/yuVJpati
>>
>> Complete log: https://pastebin.com/qKnipvvK
>>
>> Entire kernel config: https://pastebin.com/MRWGr3nv
>>
>> Root Cause Analysis:
>> The vt_do_diacrit() function in the virtual terminal subsystem
>> performs a write to a user-space pointer via __put_user_4() without
>> ensuring that the destination address is mapped and accessible.
>> Under conditions such as memory allocation failure or page table
>> unavailability, this leads to a fault during execution of the mov
>> %eax, (%rcx) instruction.
>
> Which is exactly how it should behave, right? If #PF, then it jumps to
> __put_user_handle_exception and returns EFAULT.
Jiri,
Don't waste time. It's AI generated spam. Same as before.
Best regards,
Krzysztof
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14
2025-07-09 7:07 ` Krzysztof Kozlowski
@ 2025-07-09 10:15 ` Greg KH
0 siblings, 0 replies; 6+ messages in thread
From: Greg KH @ 2025-07-09 10:15 UTC (permalink / raw)
To: Krzysztof Kozlowski; +Cc: Luka, Jiri Slaby, linux-kernel, linux-serial
On Wed, Jul 09, 2025 at 09:07:00AM +0200, Krzysztof Kozlowski wrote:
> On 08/07/2025 09:49, Greg KH wrote:
> > On Tue, Jul 08, 2025 at 03:21:36PM +0800, Luka wrote:
> >> Dear Linux Kernel Maintainers,
> >>
> >> I hope this message finds you well.
> >>
> >> I am writing to report a potential vulnerability I encountered during
> >> testing of the Linux Kernel version v6.14.
> >>
> >> Git Commit: 38fec10eb60d687e30c8c6b5420d86e8149f7557 (tag: v6.14)
> >>
> >> Bug Location: drivers/tty/vt/keyboard.c
> >>
> >> Bug report: https://pastebin.com/yuVJpati
> >>
> >> Complete log: https://pastebin.com/qKnipvvK
> >>
> >> Entire kernel config: https://pastebin.com/MRWGr3nv
> >>
> >> Root Cause Analysis:
> >> The vt_do_diacrit() function in the virtual terminal subsystem
> >> performs a write to a user-space pointer via __put_user_4() without
> >> ensuring that the destination address is mapped and accessible.
> >
> > Where? I see calls to put_user() happening in that function, and the
> > return value is properly checked. What lines exactly show the issue?
>
> Greg,
>
> Please don't waste time on this bot. It is AI generated spam. The person
> learnt nothing from previous feedback.
>
> I suggest ignoring completely.
Thanks for the warning. Given the lack of response to our questions, I
kind of figured that was the case :(
greg k-h
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-07-09 10:15 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-08 7:21 [Bug] WARNING in vt_do_diacrit in Linux Kernel v6.14 Luka
2025-07-08 7:49 ` Greg KH
2025-07-09 7:07 ` Krzysztof Kozlowski
2025-07-09 10:15 ` Greg KH
2025-07-08 8:46 ` Jiri Slaby
2025-07-09 7:07 ` Krzysztof Kozlowski
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).