Hello. We are Ubisectech Sirius Team, the vulnerability lab of China ValiantSec. Recently, our team has discovered a issue in Linux kernel 6.7.0-g9d1694dc91ce. Attached to the email were a POC file of the issue. Stack dump: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.7.0-g9d1694dc91ce #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:__queue_work+0x9d/0x1160 kernel/workqueue.c:1727 Call Trace: <TASK> queue_work_on+0xf2/0x110 kernel/workqueue.c:1837 queue_work include/linux/workqueue.h:548 [inline] ieee80211_queue_work net/mac80211/util.c:898 [inline] ieee80211_queue_work+0x111/0x180 net/mac80211/util.c:891 ath9k_wmi_event_tasklet+0x327/0x450 drivers/net/wireless/ath/ath9k/wmi.c:168 tasklet_action_common.constprop.0+0x229/0x390 kernel/softirq.c:780 __do_softirq+0x1d4/0x85e kernel/softirq.c:553 run_ksoftirqd kernel/softirq.c:921 [inline] run_ksoftirqd+0x31/0x60 kernel/softirq.c:913 smpboot_thread_fn+0x63c/0x9f0 kernel/smpboot.c:164 kthread+0x2cc/0x3b0 kernel/kthread.c:388 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:__queue_work+0x9d/0x1160 kernel/workqueue.c:1727 Thank you for taking the time to read this email and we look forward to working with you further. Ubisectech Sirius Team Web: www.ubisectech.com Email: bugrep...@ubisectech.com
横板竖版组合LOGO_画板 1.png
Description: Binary data
poc.c
Description: Binary data
