Description
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().
Product status
baddcc2c71572968cdaeee1c4ab3dc0ad90fa765 (git) before 969b06bd8b7560efb100a34227619e7d318fbe05
71dc9ec9ac7d3eee785cdc986c3daeb821381e20 (git) before ee438c492b2e0705d819ac0e25d04fae758d8f8f
71dc9ec9ac7d3eee785cdc986c3daeb821381e20 (git) before faf332a10372390ce65d0b803888f4b25a388335
71dc9ec9ac7d3eee785cdc986c3daeb821381e20 (git) before 676f03760ca1d69c2470cef36c44dc152494b47c
71dc9ec9ac7d3eee785cdc986c3daeb821381e20 (git) before 0dab92484474587b82e8e0455839eaf5ac7bf894
6.3
Any version before 6.3
6.1.149 (semver)
6.6.103 (semver)
6.12.44 (semver)
6.16.4 (semver)
6.17 (original_commit_for_fix)
References
git.kernel.org/...c/969b06bd8b7560efb100a34227619e7d318fbe05
git.kernel.org/...c/ee438c492b2e0705d819ac0e25d04fae758d8f8f
git.kernel.org/...c/faf332a10372390ce65d0b803888f4b25a388335
git.kernel.org/...c/676f03760ca1d69c2470cef36c44dc152494b47c
git.kernel.org/...c/0dab92484474587b82e8e0455839eaf5ac7bf894
