Description
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt); If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes are in flight, the subtraction can underflow and produce a large positive value, potentially allowing more data to be queued than the peer can handle. Reuse virtio_transport_has_space() which already handles this case and add a comment to make it clear why we are doing that. [Stefano: use virtio_transport_has_space() instead of duplicating the code] [Stefano: tweak the commit message]
Product status
06a8fc78367d070720af960dcecec917d3ae5f3b (git) before d96de882d6b99955604669d962ae14e94b66a551
06a8fc78367d070720af960dcecec917d3ae5f3b (git) before 02f9af192b98d15883c70dd41ac76d1b0217c899
06a8fc78367d070720af960dcecec917d3ae5f3b (git) before d05bc313788f0684b27f0f5b60c52a844669b542
06a8fc78367d070720af960dcecec917d3ae5f3b (git) before ec0f1b3da8061be3173d1c39faaf9504f91942c3
06a8fc78367d070720af960dcecec917d3ae5f3b (git) before 3ef3d52a1a9860d094395c7a3e593f3aa26ff012
4.8
Any version before 4.8
6.1.162 (semver)
6.6.122 (semver)
6.12.68 (semver)
6.18.8 (semver)
6.19 (original_commit_for_fix)
References
git.kernel.org/...c/d96de882d6b99955604669d962ae14e94b66a551
git.kernel.org/...c/02f9af192b98d15883c70dd41ac76d1b0217c899
git.kernel.org/...c/d05bc313788f0684b27f0f5b60c52a844669b542
git.kernel.org/...c/ec0f1b3da8061be3173d1c39faaf9504f91942c3
git.kernel.org/...c/3ef3d52a1a9860d094395c7a3e593f3aa26ff012