This is a note to let you know that I've just added the patch titled xen/netfront: fix leaking data in shared pages to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: xen-netfront-fix-leaking-data-in-shared-pages.patch and it can be found in the queue-5.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From foo@baz Tue Jul 5 01:03:49 PM CEST 2022 From: Roger Pau Monne <roger.pau@xxxxxxxxxx> Date: Wed, 6 Apr 2022 17:38:04 +0200 Subject: xen/netfront: fix leaking data in shared pages From: Roger Pau Monne <roger.pau@xxxxxxxxxx> commit 307c8de2b02344805ebead3440d8feed28f2f010 upstream. When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages. This is CVE-2022-33740, part of XSA-403. Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Juergen Gross <jgross@xxxxxxxx> Signed-off-by: Juergen Gross <jgross@xxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/xen-netfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -261,7 +261,7 @@ static struct sk_buff *xennet_alloc_one_ if (unlikely(!skb)) return NULL; - page = alloc_page(GFP_ATOMIC | __GFP_NOWARN); + page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO); if (!page) { kfree_skb(skb); return NULL; Patches currently in stable-queue which might be from roger.pau@xxxxxxxxxx are queue-5.4/xen-netfront-fix-leaking-data-in-shared-pages.patch queue-5.4/xen-blkfront-force-data-bouncing-when-backend-is-untrusted.patch queue-5.4/xen-blkfront-fix-leaking-data-in-shared-pages.patch queue-5.4/xen-netfront-force-data-bouncing-when-backend-is-untrusted.patch
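Review bot: the alloc_page() call in the @@ -261 hunk of drivers/net/xen-netfront.c gains __GFP_ZERO with no comment at the call site saying why, so a later cleanup could drop the flag as a needless cost on an rx-buffer allocation. A one-line comment above the call, stating that the page is shared with the backend and must not carry stale data, would keep the reason next to the code. Separately, the commit message says pages used for shared communication are "always" zeroed, while the diffstat shows a single changed allocation; it would help to state in the message whether any other pages this driver shares with the backend are already allocated zeroed, so a backporter can confirm the fix is complete for this tree.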