In the Linux kernel, the following vulnerability has been...
High severity · Unreviewed
Published Jun 19, 2024 to the GitHub Advisory Database • Updated Aug 27, 2024
Published by the National Vulnerability Database: Jun 19, 2024
Published to the GitHub Advisory Database: Jun 19, 2024
Last updated: Aug 27, 2024
Description
In the Linux kernel, the following vulnerability has been resolved:

vduse: check that offset is within bounds in get_config()

This condition checks "len" but it does not check "offset" and that
could result in an out of bounds read if "offset > dev->config_size".
The problem is that since both variables are unsigned the
"dev->config_size - offset" subtraction would result in a very high
unsigned value.

I think these checks might not be necessary because "len" and "offset"
are supposed to already have been validated using the
vhost_vdpa_config_validate() function. But I do not know the code
perfectly, and I like to be safe.
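The unsigned wrap-around described above, as an added user-space model in C; it is not the kernel's code or the patch itself. The struct `model_dev`, both function names and the sample sizes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the device state; only config_size matters here. */
struct model_dev {
    size_t config_size;
};

/* Check as the description gives it before the fix: only "len" is compared,
 * and the unsigned subtraction wraps when offset > config_size. */
static bool check_len_only(const struct model_dev *dev, size_t offset, size_t len)
{
    return len <= dev->config_size - offset;
}

/* "offset" is validated first, so the subtraction below cannot wrap. */
static bool check_offset_and_len(const struct model_dev *dev, size_t offset, size_t len)
{
    if (offset > dev->config_size)
        return false;
    return len <= dev->config_size - offset;
}

int main(void)
{
    struct model_dev dev = { .config_size = 64 };   /* constructed value */
    /* Constructed (offset, len) pairs: in range, at the edge, past the end. */
    size_t cases[][2] = { {0, 64}, {60, 4}, {60, 5}, {64, 0}, {65, 1}, {4096, 16} };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        size_t off = cases[i][0], len = cases[i][1];
        printf("offset=%zu len=%zu  len-only=%s  offset+len=%s\n", off, len,
               check_len_only(&dev, off, len) ? "accept" : "reject",
               check_offset_and_len(&dev, off, len) ? "accept" : "reject");
    }
    return 0;
}
```

The two checks agree on every request whose offset is inside the config space and differ only once "offset" exceeds "config_size", which is the case the description calls out.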
References