| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jun 2018 20:10:01 +0300
From: "Michael S. Tsirkin" <mst@...hat.com>
To: syzbot <syzbot+87cfa083e727a224754b@...kaller.appspotmail.com>
Cc: avagin@...nvz.org, davem@...emloft.net, dingtianhong@...wei.com,
edumazet@...gle.com, elena.reshetova@...el.com,
jasowang@...hat.com, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, matthew@...systems.ca,
mingo@...nel.org, netdev@...r.kernel.org, pabeni@...hat.com,
syzkaller-bugs@...glegroups.com, viro@...iv.linux.org.uk,
virtualization@...ts.linux-foundation.org, willemb@...gle.com
Subject: Re: KMSAN: uninit-value in _copy_to_iter (2)
#syz test: https://github.com/google/kmsan.git master
Subject: vhost: fix info leak
Fixes: CVE-2018-1118
Signed-off-by: Michael S. Tsirkin <mst@...hat.com>
---
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index f0be5f35ab28..9beefa6ed1ce 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vhost/vhost.c
@@ -2345,6 +2345,9 @@ struct vhost_msg_node *vhost_new_msg(struct vhost_virtqueue *vq, int type)
struct vhost_msg_node *node = kmalloc(sizeof *node, GFP_KERNEL);
if (!node)
return NULL;
+
+ /* Make sure all padding within the structure is initialized. */
+ memset(&node->msg, 0, sizeof node->msg);
node->vq = vq;
node->msg.type = type;
return node;
Powered by blists - more mailing lists