Re: [PATCH v2] vduse: prevent uninitialized memory accesses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Aug 29, 2022 at 3:34 PM Maxime Coquelin
<maxime.coquelin@xxxxxxxxxx> wrote:
>
> If the VDUSE application provides a smaller config space
> than the driver expects, the driver may use uninitialized
> memory from the stack.
>
> This patch prevents it by initializing the buffer passed by
> the driver to store the config value.
>
> This fix addresses CVE-2022-2308.
>
> Cc: xieyongji@xxxxxxxxxxxxx
> Cc: stable@xxxxxxxxxxxxxxx # v5.15+
> Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
>
> Acked-by: Jason Wang <jasowang@xxxxxxxxxx>
> Signed-off-by: Maxime Coquelin <maxime.coquelin@xxxxxxxxxx>

Reviewed-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx>

Thanks,
Yongji



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux