korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-09-22 04:31:58 +08:00
Code Issues Packages Projects Releases Wiki Activity
82982175be
linux/drivers/misc
History
Hagar Gamal Halim Hemdan 681967c4ff vmci: prevent speculation leaks by sanitizing event in event_deliver() 
commit 8003f00d89 upstream.

Coverity spotted that event_msg is controlled by user-space,
event_msg->event_data.event is passed to event_deliver() and used
as an index without sanitization.

This change ensures that the event index is sanitized to mitigate any
possibility of speculative information leaks.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Only compile tested, no access to HW.

Fixes: 1d990201f9 ("VMCI: event handling implementation.")
Cc: stable <stable@kernel.org>
Signed-off-by: Hagar Gamal Halim Hemdan <hagarhem@amazon.com>
Link: https://lore.kernel.org/stable/20231127193533.46174-1-hagarhem%40amazon.com
Link: https://lore.kernel.org/r/20240430085916.4753-1-hagarhem@amazon.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-07-05 09:08:18 +02:00
..
altera-stapl
c2port
cardreader misc: rtsx: Fix an error handling path in rtsx_pci_probe() 2022-08-25 11:17:52 +02:00
cb710
cxl cxl: Fix refcount leak in cxl_calc_capp_routing 2023-01-18 11:41:30 +01:00
echo
eeprom eeprom: at24: also select REGMAP 2023-06-14 10:59:58 +02:00
genwqe
habanalabs
ibmasm
lis3lv02d
lkdtm locking/refcount: Define constants for saturation and max refcount values 2022-07-29 17:14:16 +02:00
mei mei: me: release irq in mei_me_pci_resume error path 2024-07-05 09:08:15 +02:00
mic
ocxl misc: ocxl: fix possible name leak in ocxl_file_register_afu() 2023-01-18 11:41:23 +01:00
sgi-gru misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os 2023-01-18 11:41:24 +01:00
sgi-xp
ti-st misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() 2023-11-20 10:30:13 +01:00
vmw_vmci vmci: prevent speculation leaks by sanitizing event in event_deliver() 2024-07-05 09:08:18 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
atmel_tclib.c
atmel-ssc.c misc: atmel-ssc: Fix IRQ check in ssc_probe 2022-06-22 14:11:22 +02:00
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c
fastrpc.c misc: fastrpc: Mark all sessions as invalid in cb_remove 2024-02-23 08:25:11 +01:00
hmc6352.c
hpilo.c
hpilo.h
ibmvmc.c
ibmvmc.h
ics932s401.c
isl29003.c
isl29020.c
Kconfig
kgdbts.c
lattice-ecp3-config.c
Makefile
pch_phub.c
pci_endpoint_test.c misc: pci_endpoint_test: Re-init completion for every test 2023-07-27 08:37:37 +02:00
phantom.c
pti.c
pvpanic.c
qcom-coincell.c
sram-exec.c
sram.c
sram.h
tifm_7xx1.c misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() 2023-01-18 11:41:24 +01:00
tifm_core.c
tsl2550.c
vexpress-syscfg.c
vmw_balloon.c
xilinx_sdfec.c