vduse: prevent uninitialized memory accesses (46f8a292) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 46f8a292 authored Aug 31, 2022 by

Maxime Coquelin Committed by Michael S. Tsirkin Sep 27, 2022

vduse: prevent uninitialized memory accesses

If the VDUSE application provides a smaller config space
than the driver expects, the driver may use uninitialized
memory from the stack.

This patch prevents it by initializing the buffer passed by
the driver to store the config value.

This fix addresses CVE-2022-2308.

Cc: stable@vger.kernel.org # v5.15+
Fixes: c8a6153b

 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
Reviewed-by: Xie Yongji <xieyongji@bytedance.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Maxime Coquelin <maxime.coquelin@redhat.com>
Message-Id: <20220831154923.97809-1-maxime.coquelin@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>

parent 37fafe6b

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit dc248ddf
· Oct 06, 2022

mentioned in commit dc248ddf

mentioned in commit dc248ddf41eab4566e95b1ee2433c8a5134ad94a

Toggle commit list
mirror @mirror
mentioned in commit 38d854c4
· Oct 06, 2022

mentioned in commit 38d854c4

mentioned in commit 38d854c4a11c3bbf6a96ea46f14b282670c784ac

Toggle commit list

Please register or to comment