linux/drivers/vhost
Michael S. Tsirkin 670ae9caac vhost: fix info leak due to uninitialized memory
struct vhost_msg within struct vhost_msg_node is copied to userspace.
Unfortunately it turns out on 64 bit systems vhost_msg has padding after
type which gcc doesn't initialize, leaking 4 uninitialized bytes to
userspace.

This padding also unfortunately means 32 bit users of this interface are
broken on a 64 bit kernel which will need to be fixed separately.

Fixes: CVE-2018-1118
Cc: stable@vger.kernel.org
Reported-by: Kevin Easton <kevin@guarana.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reported-by: syzbot+87cfa083e727a224754b@syzkaller.appspotmail.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-06-12 04:59:29 +03:00
Kconfig tap: tap as an independent module 2017-02-11 20:59:41 -05:00
Kconfig.vringh vhost: split out vringh Kconfig 2016-08-02 16:54:28 +03:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
net.c vhost_net: flush batched heads before trying to busy polling 2018-05-30 13:29:03 -04:00
scsi.c vhost: remove unused lock check flag in vhost_dev_cleanup() 2018-02-01 16:26:44 +02:00
test.c vhost: remove unused lock check flag in vhost_dev_cleanup() 2018-02-01 16:26:44 +02:00
test.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
vhost.c vhost: fix info leak due to uninitialized memory 2018-06-12 04:59:29 +03:00
vhost.h vhost: return bool from *_access_ok() functions 2018-04-11 10:54:06 -04:00
vringh.c vringh: kill off ACCESS_ONCE() 2016-12-16 00:13:36 +02:00
vsock.c fw_cfg, vhost: features fixes 2018-04-06 19:21:41 -07:00