[PATCH 0/1][Groovy] CVE-2021-29266: vDPA UAF when reopening chardev
Tim Gardner
tim.gardner at canonical.com
Fri Apr 2 17:24:48 UTC 2021
[SRU Justification]
An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c
has a use-after-free because v->config_ctx has an invalid value upon re-opening
a character device, aka CID-f6bbf0010ba0.
Introduced by commit 776f395004d829bbbf18c159ed9beb517a208c71 (v5.8)
[Test Plan]
none
[Where problems could occur]
Released in stable kernels:
linux-5.10.y
linux-5.11.y
[Other Info]
None
More information about the kernel-team
mailing list