vmci: prevent speculation leaks by sanitizing event in event_deliver() (8003f00d) · Commits · Mirrors / git.yoctoproject.org / linux-yocto · GitLab

Commit 8003f00d authored Apr 30, 2024 by

Hagar Gamal Halim Hemdan Committed by Greg Kroah-Hartman May 03, 2024

vmci: prevent speculation leaks by sanitizing event in event_deliver()



Coverity spotted that event_msg is controlled by user-space,
event_msg->event_data.event is passed to event_deliver() and used
as an index without sanitization.

This change ensures that the event index is sanitized to mitigate any
possibility of speculative information leaks.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Only compile tested, no access to HW.

Fixes: 1d990201 ("VMCI: event handling implementation.")
Cc: stable <stable@kernel.org>
Signed-off-by: Hagar Gamal Halim Hemdan <hagarhem@amazon.com>
Link: https://lore.kernel.org/stable/20231127193533.46174-1-hagarhem%40amazon.com
Link: https://lore.kernel.org/r/20240430085916.4753-1-hagarhem@amazon.com


Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 35230d31

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 95bac1c8
· Jun 26, 2024

mentioned in commit 95bac1c8

mentioned in commit 95bac1c8bedb362374ea1937b1d3e833e01174ee

Toggle commit list
mirror @mirror
mentioned in commit e293c6b3
· Jun 26, 2024

mentioned in commit e293c6b3

mentioned in commit e293c6b38ac9029d76ff0d2a6b2d74131709a9a8

Toggle commit list

Please register or to comment