From: Hyunwoo Kim v4bel@theori.io
stable inclusion from stable-v5.10.230 commit eb1bdcb7dfc30b24495ee4c5533af0ed135cb5f1 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IB5AUY CVE: CVE-2024-50264
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream.
During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.
Cc: stable stable@kernel.org Fixes: 06a8fc78367d ("VSOCK: Introduce virtio_vsock_common.ko") Signed-off-by: Hyunwoo Kim v4bel@theori.io Signed-off-by: Wongi Lee qwerty@theori.io Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Message-Id: 2024102245-strive-crib-c8d3@gregkh Signed-off-by: Michael S. Tsirkin mst@redhat.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Signed-off-by: Zhang Changzhong zhangchangzhong@huawei.com --- net/vmw_vsock/virtio_transport_common.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c index 4102689..b626c7e 100644 --- a/net/vmw_vsock/virtio_transport_common.c +++ b/net/vmw_vsock/virtio_transport_common.c @@ -687,6 +687,7 @@ void virtio_transport_destruct(struct vsock_sock *vsk) struct virtio_vsock_sock *vvs = vsk->trans;
kfree(vvs); + vsk->trans = NULL; } EXPORT_SYMBOL_GPL(virtio_transport_destruct);