[SRU][F/J/N/O][PATCH 0/1] CVE-2024-50264

Magali Lemes magali.lemes at canonical.com
Mon Nov 25 15:38:32 UTC 2024


[Impact]
During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition.  This
issue is resolved by initializing vsk->trans to NULL.

[Fix]
Oracular: Clean cherry-pick
Noble:    Clean cherry-pick
Jammy:    Clean cherry-pick
Focal:    Clean cherry-pick
Bionic:   Fix sent to ESM ML
Xenial:   Not affected
Trusty:   Not affected

[Test Case]
Compile tested.

[Where problems could occur]
This patch touches virtio transport for vsock, but due to its limited
scope, issues here are unlikely to happen.

Hyunwoo Kim (1):
  vsock/virtio: Initialization of the dangling pointer occurring in
    vsk->trans

 net/vmw_vsock/virtio_transport_common.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.34.1



