Commit da34dd1b authored Oct 22, 2024 by Hyunwoo Kim Committed by Wen Zhiwei Nov 18, 2024

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

stable inclusion
from stable-v6.6.61
commit b110196fec44fe966952004bd426967c2a8fd358
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB4YVY

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b110196fec44fe966952004bd426967c2a8fd358



--------------------------------

commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream.

During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition.  This
issue is resolved by initializing vsk->trans to NULL.

Cc: stable <stable@kernel.org>
Fixes: 06a8fc78 ("VSOCK: Introduce virtio_vsock_common.ko")
Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Signed-off-by: Wongi Lee <qwerty@theori.io>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <2024102245-strive-crib-c8d3@gregkh>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Wen Zhiwei <wenzhiwei@kylinos.cn>

parent 476b0c55

net/vmw_vsock/virtio_transport_common.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -923,6 +923,7 @@ void virtio_transport_destruct(struct vsock_sock *vsk)
		struct virtio_vsock_sock *vvs = vsk->trans;

		kfree(vvs);
		vsk->trans = NULL;
		}
		EXPORT_SYMBOL_GPL(virtio_transport_destruct);