[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2020-10942 Kernel: vhost-net: stack overflow in get_raw_socket while checking sk_
From:       P J P <ppandit () redhat ! com>
Date:       2020-04-15 18:32:51
Message-ID: nycvar.YSQ.7.76.2004152346280.69262 () xnncv
[Download RAW message or body]

   Hello,

A stack buffer overflow issue was found in the get_raw_socket() routine of the 
Host kernel accelerator for virtio net (vhost-net) driver. It could occur 
while doing an ioctl(VHOST_NET_SET_BACKEND) call and retrieving socket name in 
a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) 
calls on the '/dev/vhost-net' device may use this flaw to crash the kernel 
resulting in DoS issue.

Upstream patch:
   -> https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64

Reference:
   -> https://lkml.org/lkml/2020/2/15/125

CVE-2020-10942 assigned via -> https://cveform.mitre.org/

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D

[prev in list] [next in list] [prev in thread] [next in thread]