APPLIED: [PATCH 0/1][Groovy] CVE-2021-29266: vDPA UAF when reopening chardev
Kleber Souza
kleber.souza at canonical.com
Fri Apr 9 12:40:26 UTC 2021
On 02.04.21 19:24, Tim Gardner wrote:
> [SRU Justification]
>
> An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c
> has a use-after-free because v->config_ctx has an invalid value upon re-opening
> a character device, aka CID-f6bbf0010ba0.
>
> Introduced by commit 776f395004d829bbbf18c159ed9beb517a208c71 (v5.8)
>
> [Test Plan]
> none
>
> [Where problems could occur]
> Released in stable kernels:
> linux-5.10.y
> linux-5.11.y
>
> [Other Info]
> None
>
>
Applied to groovy/linux.
Thanks,
Kleber
More information about the kernel-team
mailing list