vmci: prevent speculation leaks by sanitizing event in event_deliver() (e293c6b3) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit e293c6b3 authored Apr 30, 2024 by

Hagar Gamal Halim Hemdan Committed by Greg Kroah-Hartman Jun 21, 2024

vmci: prevent speculation leaks by sanitizing event in event_deliver()

commit 8003f00d upstream.

Coverity spotted that event_msg is controlled by user-space,
event_msg->event_data.event is passed to event_deliver() and used
as an index without sanitization.

This change ensures that the event index is sanitized to mitigate any
possibility of speculative information leaks.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Only compile tested, no access to HW.

Fixes: 1d990201

 ("VMCI: event handling implementation.")
Cc: stable <stable@kernel.org>
Signed-off-by: Hagar Gamal Halim Hemdan <hagarhem@amazon.com>
Link: https://lore.kernel.org/stable/20231127193533.46174-1-hagarhem%40amazon.com
Link: https://lore.kernel.org/r/20240430085916.4753-1-hagarhem@amazon.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 2d11505e

Hide whitespace changes

Inline Side-by-side

Please register or to comment