blob: b6b20c4c8a8dd03a858001f3dddd2a5be6ababf7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: undefined behavior or data leak in Virtio drivers with VDUSE
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2103900
https://bugzilla.suse.com/show_bug.cgi?id=1202573#c2
https://lore.kernel.org/stable/20220829073424.5677-1-maxime.coquelin@redhat.com/
https://lore.kernel.org/stable/20220831154923.97809-1-maxime.coquelin@redhat.com/
Notes:
carnil> Asked in the Bugzilla if more information is available. SuSE
carnil> maintainer thinks that the fix is not yet upstream as per
carnil> https://bugzilla.suse.com/show_bug.cgi?id=1202573#c2.
carnil> https://bugzilla.redhat.com/show_bug.cgi?id=2103900#c4 confirms
carnil> it has not yet been upstream'ed by 2022-08-22.
carnil> A patch for review is posted upstream (v3 in above references)
carnil> For 5.19.y fixed as well in 5.19.14.
Bugs:
upstream: released (6.0) [46f8a29272e51b6df7393d58fc5cb8967397ef2b]
5.10-upstream-stable: N/A "Vulnerable code introduced later"
4.19-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (6.0.2-1)
5.10-bullseye-security: N/A "Vulnerable code introduced later"
4.19-buster-security: N/A "Vulnerable code introduced later"
|