ACK: [PATCH 0/1][Groovy] CVE-2021-29266: vDPA UAF when reopening chardev

Krzysztof Kozlowski krzysztof.kozlowski at canonical.com
Tue Apr 6 07:15:13 UTC 2021


On 06/04/2021 09:07, Krzysztof Kozlowski wrote:
> On 02/04/2021 19:24, Tim Gardner wrote:
>> [SRU Justification]
>>
>> An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c
>> has a use-after-free because v->config_ctx has an invalid value upon re-opening
>> a character device, aka CID-f6bbf0010ba0.
>>
>> Introduced by commit 776f395004d829bbbf18c159ed9beb517a208c71 (v5.8)
>>
> 
> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>
> 
> 
> Best regards,
> Krzysztof
> 

One more time - with proper title:

Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski at canonical.com>

Best regards,
Krzysztof



More information about the kernel-team mailing list