stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-09-13 11:07:46 +10:00
Code Issues Releases Wiki Activity
v6.12.46
linux-stable/net/vmw_vsock
History
Will Deacon faf332a103 vsock/virtio: Validate length in packet header before skb_put() 
commit 0dab924844 upstream.

When receiving a vsock packet in the guest, only the virtqueue buffer
size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately,
virtio_vsock_skb_rx_put() uses the length from the packet header as the
length argument to skb_put(), potentially resulting in SKB overflow if
the host has gone wonky.

Validate the length as advertised by the packet header before calling
virtio_vsock_skb_rx_put().

Cc: <stable@vger.kernel.org>
Fixes: 71dc9ec9ac ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Signed-off-by: Will Deacon <will@kernel.org>
Message-Id: <20250717090116.11987-3-will@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:30:59 +02:00
..
af_vsock_tap.c
af_vsock.c vsock: Do not allow binding to VMADDR_PORT_ANY 2025-08-15 12:14:09 +02:00
diag.c
hyperv_transport.c
Kconfig
Makefile
virtio_transport_common.c vsock/virtio: fix rx_bytes accounting for stream sockets 2025-06-19 15:31:54 +02:00
virtio_transport.c vsock/virtio: Validate length in packet header before skb_put() 2025-08-28 16:30:59 +02:00
vmci_transport_notify_qstate.c
vmci_transport_notify.c
vmci_transport_notify.h
vmci_transport.c vsock/vmci: Clear the vmci transport packet properly when initializing it 2025-07-10 16:04:41 +02:00
vmci_transport.h
vsock_addr.c
vsock_bpf.c
vsock_loopback.c