On 8/29/22 09:48, Greg KH wrote:
On Mon, Aug 29, 2022 at 09:34:24AM +0200, Maxime Coquelin wrote:If the VDUSE application provides a smaller config space than the driver expects, the driver may use uninitialized memory from the stack. This patch prevents it by initializing the buffer passed by the driver to store the config value. This fix addresses CVE-2022-2308. Cc: xieyongji@xxxxxxxxxxxxx Cc: stable@xxxxxxxxxxxxxxx # v5.15+ Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace") Acked-by: Jason Wang <jasowang@xxxxxxxxxx> Signed-off-by: Maxime Coquelin <maxime.coquelin@xxxxxxxxxx>Please no blank line above the Acked-by: line here if possible.
Sure. Jason, do you prefer I post a new revision with this single change or you will handle it while applying? Either way is fine to me. Thanks, Maxime
thanks, greg k-h
_______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
