[PATCH 0/1][Groovy] CVE-2021-29266: vDPA UAF when reopening chardev
Krzysztof Kozlowski
krzysztof.kozlowski at canonical.com
Tue Apr 6 07:07:32 UTC 2021
On 02/04/2021 19:24, Tim Gardner wrote:
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c
> has a use-after-free because v->config_ctx has an invalid value upon re-opening
> a character device, aka CID-f6bbf0010ba0.
>
> Introduced by commit 776f395004d829bbbf18c159ed9beb517a208c71 (v5.8)
>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
Best regards,
Krzysztof
More information about the kernel-team
mailing list