Commit e246393e authored by Hyunwoo Kim's avatar Hyunwoo Kim Committed by Zhang Changzhong
Browse files

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans 

stable inclusion
from stable-v5.10.230
commit eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AUY
CVE: CVE-2024-50264

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1



--------------------------------

commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream.

During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition.  This
issue is resolved by initializing vsk->trans to NULL.

Cc: stable <stable@kernel.org>
Fixes: 06a8fc78 ("VSOCK: Introduce virtio_vsock_common.ko")
Signed-off-by: default avatarHyunwoo Kim <v4bel@theori.io>
Signed-off-by: default avatarWongi Lee <qwerty@theori.io>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <2024102245-strive-crib-c8d3@gregkh>
Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parent 220bfa0e

net/vmw_vsock/virtio_transport_common.c

+1 −0
Original line number Diff line number Diff line
@@ -687,6 +687,7 @@ void virtio_transport_destruct(struct vsock_sock *vsk) 
	struct virtio_vsock_sock *vvs = vsk->trans;



	kfree(vvs);

	vsk->trans = NULL;

}

EXPORT_SYMBOL_GPL(virtio_transport_destruct);