CVE-2023-54034

Summary

In the Linux kernel, the following vulnerability has been resolved:

iommufd: Make sure to zero vfio_iommu_type1_info before copying to user

Missed a zero initialization here. Most of the struct is filled with a copy_from_user(), however minsz for that copy is smaller than the actual struct by 8 bytes, thus we don't fill the padding.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd624d6652a65ad4f47a58b8651a1ec1163bb81d3 < 7adcec686e4d699c169d34c722132b2bce5232cbaffected
LinuxLinuxd624d6652a65ad4f47a58b8651a1ec1163bb81d3 < b3551ead616318ea155558cdbe7e91495b8d9b33affected
LinuxLinux6.2affected
LinuxLinux0 < 6.2unaffected
LinuxLinux6.2.3 <= 6.2.*unaffected
LinuxLinux6.3 <= *unaffected

Weaknesses

References