diff options
| author | Michael S. Tsirkin <mst@redhat.com> | 2018-05-12 00:33:10 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2018-06-26 08:08:08 +0800 |
| commit | 9681c3bdb098f6c87a0422b6b63912c1b90ad197 (patch) | |
| tree | a9826b0b9019992a8ef704fffeab18e4a58fb508 /crypto/seqiv.c | |
| parent | a875bc1c9ec116b7b2b2f15f8edc2a2ac3c51f99 (diff) | |
vhost: fix info leak due to uninitialized memory
commit 670ae9caaca467ea1bfd325cb2a5c98ba87f94ad upstream.
struct vhost_msg within struct vhost_msg_node is copied to userspace.
Unfortunately it turns out on 64 bit systems vhost_msg has padding after
type which gcc doesn't initialize, leaking 4 uninitialized bytes to
userspace.
This padding also unfortunately means 32 bit users of this interface are
broken on a 64 bit kernel which will need to be fixed separately.
Fixes: CVE-2018-1118
Cc: stable@vger.kernel.org
Reported-by: Kevin Easton <kevin@guarana.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'crypto/seqiv.c')
0 files changed, 0 insertions, 0 deletions