CVE-2022-50058
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
vdpa_sim_blk: set number of address spaces and virtqueue groups
Commit bda324fd037a ("vdpasim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk.
When creating a new vdpa_sim_blk device this causes the kernel to panic in this way: $ vdpa dev add mgmtdev vdpasim_blk name blk0 BUG: kernel NULL pointer dereference, address: 0000000000000030 … RIP: 0010:vhost_iotlb_add_range_ctx+0x41/0x220 [vhost_iotlb] … Call Trace: <TASK> vhost_iotlb_add_range+0x11/0x800 [vhost_iotlb] vdpasim_map_range+0x91/0xd0 [vdpa_sim] vdpasim_alloc_coherent+0x56/0x90 [vdpa_sim] …
This happens because vdpasim->iommu[0] is not initialized when dev_attr.nas is 0.
Let's fix this issue by initializing both (nas, ngroups) to 1 for vdpa_sim_blk.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bda324fd037a6b0d44da5699574ce741ca161bc4 < a291c7d289fac2cb13fb2614a9a251afbbd86ce9 | affected |
| Linux | Linux | bda324fd037a6b0d44da5699574ce741ca161bc4 < 19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809 | affected |
| Linux | Linux | 5.19 | affected |
| Linux | Linux | 0 < 5.19 | unaffected |
| Linux | Linux | 5.19.4 <= 5.19.* | unaffected |
| Linux | Linux | 6.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/a291c7d289fac2cb13fb2614a9a251afbbd86ce9
- https://git.kernel.org/stable/c/19cd4a5471b8eaa4bd161b0fdb4567f2fc88d809
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.