References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

https://git.kernel.org/stable/c/773e95c268b5d859f51f7547559734fd2a57660c

https://git.kernel.org/stable/c/ddc8649d363141fb3371dd81a73e1cb4ef8ed1e1

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: ensure the received length does not exceed allocated size

In xdp_linearize_page, when reading the following buffers from the ring,
we forget to check the received length with the true allocate size. This
can lead to an out-of-bound read. This commit adds that missing check.

https://git.kernel.org/stable/c/11f2d0e8be2b5e784ac45fa3da226492c3e506d8

https://git.kernel.org/stable/c/315dbdd7cdf6aa533829774caaf4d25f1fd20e73

https://git.kernel.org/stable/c/6aca3dad2145e864dfe4d1060f45eb1bac75dd58

https://git.kernel.org/stable/c/80b971be4c37a4d23a7f1abc5ff33dc7733d649b

https://git.kernel.org/stable/c/982beb7582c193544eb9c6083937ec5ac1c9d651

https://git.kernel.org/stable/c/bc68bc3563344ccdc57d1961457cdeecab8f81ef