On Mon, Aug 29, 2022 at 09:34:24AM +0200, Maxime Coquelin wrote: > If the VDUSE application provides a smaller config space > than the driver expects, the driver may use uninitialized > memory from the stack. > > This patch prevents it by initializing the buffer passed by > the driver to store the config value. > > This fix addresses CVE-2022-2308. > > Cc: xieyongji@xxxxxxxxxxxxx > Cc: stable@xxxxxxxxxxxxxxx # v5.15+ > Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace") > > Acked-by: Jason Wang <jasowang@xxxxxxxxxx> > Signed-off-by: Maxime Coquelin <maxime.coquelin@xxxxxxxxxx> Please no blank line above the Acked-by: line here if possible. thanks, greg k-h