| Message ID | 20240131225925.47013-1-bethany.jamison@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2024-0340 | expand |
On Wed, Jan 31, 2024 at 04:59:24PM -0600, Bethany Jamison wrote: > [Impact] > > A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the > Linux kernel, which does not properly initialize memory in messages passed > between virtual guests and the host operating system in the > vhost/vhost.c:vhost_new_msg() function. This issue can allow local > privileged users to read some kernel memory contents when reading from the > /dev/vhost-net device file. > > [Fix] > > Clean cherry-pick. > > [Test Case] > > Compile and boot test. > > [Regression Potential] > > Issues could occur in vhost when making a new message. > > Prathu Baronia (1): > vhost: use kzalloc() instead of kmalloc() followed by memset() > > drivers/vhost/vhost.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
On 31-01-2024 23:59, Bethany Jamison wrote: > [Impact] > > A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the > Linux kernel, which does not properly initialize memory in messages passed > between virtual guests and the host operating system in the > vhost/vhost.c:vhost_new_msg() function. This issue can allow local > privileged users to read some kernel memory contents when reading from the > /dev/vhost-net device file. > > [Fix] > > Clean cherry-pick. > > [Test Case] > > Compile and boot test. > > [Regression Potential] > > Issues could occur in vhost when making a new message. > > Prathu Baronia (1): > vhost: use kzalloc() instead of kmalloc() followed by memset() > > drivers/vhost/vhost.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > Applied to jammy, focal master-next branches. Thanks!