On Mon, Aug 29, 2022 at 09:34:24AM +0200, Maxime Coquelin wrote: > If the VDUSE application provides a smaller config space > than the driver expects, the driver may use uninitialized > memory from the stack. > > This patch prevents it by initializing the buffer passed by > the driver to store the config value. > > This fix addresses CVE-2022-2308. > > Cc: [email protected] > Cc: [email protected] # v5.15+ > Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace") > > Acked-by: Jason Wang <[email protected]> > Signed-off-by: Maxime Coquelin <[email protected]>
Please no blank line above the Acked-by: line here if possible. thanks, greg k-h _______________________________________________ Virtualization mailing list [email protected] https://lists.linuxfoundation.org/mailman/listinfo/virtualization
