stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-09-13 11:07:46 +10:00
Code Issues Releases Wiki Activity
v6.16.6
linux-stable/net/vmw_vsock
History
Will Deacon 676f03760c vsock/virtio: Validate length in packet header before skb_put() 
commit 0dab924844 upstream.

When receiving a vsock packet in the guest, only the virtqueue buffer
size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately,
virtio_vsock_skb_rx_put() uses the length from the packet header as the
length argument to skb_put(), potentially resulting in SKB overflow if
the host has gone wonky.

Validate the length as advertised by the packet header before calling
virtio_vsock_skb_rx_put().

Cc: <stable@vger.kernel.org>
Fixes: 71dc9ec9ac ("virtio/vsock: replace virtio_vsock_pkt with sk_buff")
Signed-off-by: Will Deacon <will@kernel.org>
Message-Id: <20250717090116.11987-3-will@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:34:25 +02:00
..
af_vsock_tap.c
af_vsock.c vsock: Do not allow binding to VMADDR_PORT_ANY 2025-08-15 16:39:31 +02:00
diag.c
hyperv_transport.c
Kconfig
Makefile
virtio_transport_common.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-05-28 10:11:15 +02:00
virtio_transport.c vsock/virtio: Validate length in packet header before skb_put() 2025-08-28 16:34:25 +02:00
vmci_transport_notify_qstate.c
vmci_transport_notify.c
vmci_transport_notify.h
vmci_transport.c vsock/vmci: Clear the vmci transport packet properly when initializing it 2025-07-03 12:52:52 +02:00
vmci_transport.h
vsock_addr.c
vsock_bpf.c vsock/bpf: Warn on socket without transport 2025-02-18 12:00:01 +01:00
vsock_loopback.c