Re: [PATCH v3] vduse: prevent uninitialized memory accesses

On 8/31/22 08:49, Maxime Coquelin wrote:

If the VDUSE application provides a smaller config space than the driver expects, the driver may use uninitialized memory from the stack.

This patch prevents it by initializing the buffer passed by the driver to store the config value.

This fix addresses CVE-2022-2308.

Cc: stable@vger.kernel.org # v5.15+ Fixes: c8a6153b6c59 ("vduse: Introduce VDUSE - vDPA Device in Userspace") Reviewed-by: Xie Yongji xieyongji@bytedance.com Acked-by: Jason Wang jasowang@redhat.com Signed-off-by: Maxime Coquelin maxime.coquelin@redhat.com

---

Looks good.

Reviewed-by: Chaitanya Kulkarni kch@nvidia.com