Conversation

The fixed UAF in key_put in Linux v6.10 through v6.13 is CVE-2025-21893. Thanks @gregkh !!

2
0
0

@jduck @gregkh, Was it you who found the vulnerability? Cool. I think I posted about it on social media, but I didn't see any reference to the finder.

1
0
0

@andersonc0d3 @gregkh nah, syzkaller found it but then the ball got dropped. I was the one that got it rolling again

0
0
0
@jduck We assign on average, 13 CVEs a day for the kernel, what's one more? :)

Seriously, nice job, thanks for seeing the issue through. syzbot finds loads of stuff, we have a lack of people doing the work to fix everything it finds.
0
0
1