Thread (6 messages) 6 messages, 3 authors, 2022-08-31

Re: [PATCH v2] vduse: prevent uninitialized memory accesses

From: "Michael S. Tsirkin" <mst@redhat.com>
Date: 2022-08-31 15:12:45
Also in: lkml, stable

On Wed, Aug 31, 2022 at 05:01:11PM +0200, Maxime Coquelin wrote:
On 8/29/22 09:48, Greg KH wrote:
quoted
On Mon, Aug 29, 2022 at 09:34:24AM +0200, Maxime Coquelin wrote:
quoted
If the VDUSE application provides a smaller config space
than the driver expects, the driver may use uninitialized
memory from the stack.

This patch prevents it by initializing the buffer passed by
the driver to store the config value.

This fix addresses CVE-2022-2308.

Cc: xieyongji@bytedance.com
Cc: stable@vger.kernel.org # v5.15+
Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")

Acked-by: Jason Wang <redacted>
Signed-off-by: Maxime Coquelin <redacted>
Please no blank line above the Acked-by: line here if possible.
Sure.

Jason, do you prefer I post a new revision with this single change or
you will handle it while applying? Either way is fine to me.

Thanks,
Maxime
Repost pls, easier.
quoted
thanks,

greg k-h
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help