On Mon, Aug 29, 2022 at 09:34:24AM +0200, Maxime Coquelin wrote:
> If the VDUSE application provides a smaller config space
> than the driver expects, the driver may use uninitialized
> memory from the stack.
>
> This patch prevents it by initializing the buffer passed by
> the driver to store the config value.
>
> This fix addresses CVE-2022-2308.
>
> Cc: xieyon...@bytedance.com
> Cc: sta...@vger.kernel.org # v5.15+
> Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace")
>
> Acked-by: Jason Wang <jasow...@redhat.com>
> Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com>

Please no blank line above the Acked-by: line here if possible.

thanks,

greg k-h
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
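
The short-config-space problem described in the quoted commit message, as an added userspace model (not the kernel patch and not code from this thread). The struct, the function names, the bounds handling and the 4-byte/16-byte sizes are assumptions made for illustration; the 0xAA fill is a constructed stand-in for stale stack contents.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a device whose application sets the config size. */
struct model_dev { const unsigned char *config; size_t config_size; };

/* Before: copy only what the device provides; the rest of buf is untouched. */
static void get_config_unfixed(const struct model_dev *dev, size_t offset,
                               void *buf, size_t len)
{
    if (offset > dev->config_size)
        return;
    if (len > dev->config_size - offset)
        len = dev->config_size - offset;
    memcpy(buf, dev->config + offset, len);
}

/* After: initialize the caller's buffer first, then do the same copy. */
static void get_config_fixed(const struct model_dev *dev, size_t offset,
                             void *buf, size_t len)
{
    memset(buf, 0, len);
    get_config_unfixed(dev, offset, buf, len);
}

/* Bytes of the driver-side buffer still holding the 0xAA marker after a read. */
static size_t stale_bytes_after_read(int use_fixed)
{
    static const unsigned char small_cfg[4] = { 1, 2, 3, 4 }; /* constructed */
    struct model_dev dev = { small_cfg, sizeof(small_cfg) };
    unsigned char drv_buf[16]; /* driver expects 16 config bytes */
    size_t i, stale = 0;

    memset(drv_buf, 0xAA, sizeof(drv_buf)); /* stand-in for stale stack data */
    if (use_fixed)
        get_config_fixed(&dev, 0, drv_buf, sizeof(drv_buf));
    else
        get_config_unfixed(&dev, 0, drv_buf, sizeof(drv_buf));
    for (i = 0; i < sizeof(drv_buf); i++)
        stale += (drv_buf[i] == 0xAA);
    return stale;
}

int main(void)
{
    printf("unfixed: %zu stale bytes\n", stale_bytes_after_read(0));
    printf("fixed:   %zu stale bytes\n", stale_bytes_after_read(1));
    return 0;
}
```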