Friday 7 May 2021

Missing critical patches of several high-risk bugs

Hi developers,

This is SyzScope, a research project that aims to reveal high-risk primitives from a low-risk bug.

We noticed that Ubuntu did a good job of applying patches for high-risk bugs (CVEs, OOB/UAF write), but in our research, we found that some low-risk bugs, even WARNING, may compromise the kernel.

SyzScope discovered at least one high-risk primitive (memory write/func-ptr-deref) in the low-risk bugs below; their patches seem not to have been applied on Ubuntu-groovy.

Regarding the bug "KASAN: use-after-free Read in hci_send_acl" (https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1), SyzScope reports 51 memory write primitives. The detailed comments can be found at https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl

Regarding the bug "KASAN: use-after-free Read in cipso_v4_genopt" (https://syzkaller.appspot.com/bug?id=96e7d345748d8814901c91cd92084ed04b46701e), SyzScope reports 6 memory write primitives. The detailed comments can be found at https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt

Regarding the bug "KASAN: use-after-free Read in path_init (2)" (https://syzkaller.appspot.com/bug?id=a13951ba83ba7ba6e67fa8b504e8bc31f61616cb), SyzScope reports 86 memory write primitives. The detailed comments can be found at https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-path_init-2

Regarding the bug "KASAN: slab-out-of-bounds Read in hci_extended_inquiry_result_evt" (https://syzkaller.appspot.com/bug?id=4bf11aa05c4ca51ce0df86e500fce486552dc8d2), SyzScope reports 8 memory write primitives. The detailed comments can be found at https://sites.google.com/view/syzscope/kasan-slab-out-of-bounds-read-in-hci_extended_inquiry_result_evt.


The bugs above are a portion of our findings; we are happy to provide more if they benefit the community.

Please let us know if SyzScope indeed helps, and send us any suggestions/feedback.