Commit 931cd634 authored Jan 02, 2025 by Hyunwoo Kim Committed by Zhang Changzhong Jan 02, 2025

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

stable inclusion
from stable-v4.19.324
commit 285266ef92f7b4bf7d26e1e95e215ce6a6badb4a
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB8G1F
CVE: CVE-2024-53103

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=285266ef92f7b4bf7d26e1e95e215ce6a6badb4a



--------------------------------

commit e629295bd60abf4da1db85b82819ca6a4f6c1e79 upstream.

When hvs is released, there is a possibility that vsk->trans may not
be initialized to NULL, which could lead to a dangling pointer.
This issue is resolved by initializing vsk->trans to NULL.

Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Link: https://patch.msgid.link/Zys4hCj61V+mQfX2@v4bel-B760M-AORUS-ELITE-AX


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>

parent b68a556b

net/vmw_vsock/hyperv_transport.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -554,6 +554,7 @@ static void hvs_destruct(struct vsock_sock *vsk)
		vmbus_hvsock_device_unregister(chan);

		kfree(hvs);
		vsk->trans = NULL;
		}

		static int hvs_dgram_bind(struct vsock_sock vsk, struct sockaddr_vm addr)