First published: Wed Jun 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are both type u32. So if the offset if out of bounds then the "dev->config_size - config.offset" subtraction results in a very high u32 value. The out of bounds offset can result in memory corruption.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=5.15<5.15.11 | |
Linux Linux kernel | =5.16-rc1 | |
Linux Linux kernel | =5.16-rc2 | |
Linux Linux kernel | =5.16-rc3 | |
Linux Linux kernel | =5.16-rc4 | |
Linux Linux kernel | =5.16-rc5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.