On Fri, 1 Feb 2019, Jiri Olsa wrote:

> > I've just started fuzzing with the patch applied. Often it takes a few
> > hours to trigger the bug.
>
> cool, thanks

I let it run overnight and no crash.

> > Added question about this bug. It appeared that the crash was triggered
> > by the BTS driver over-writing kernel memory. The data being written, was
> > this user controllable? Meaning, is this a security issue being fixed, or
> > just a crashing issue?
>
> yea, I have an example that can trigger it immediately

I mean: the crash is happening because data structures are getting over-written
by the BTS driver. Depending on who and what is doing this, this could be a
security issue (i.e. if it was raw BTS data that was partially userspace
controlled values). Though even if this were the case it would probably be
hard to exploit.

Vince