Description
In the Linux kernel, the following vulnerability has been resolved:

ublk: Validate SQE128 flag before accessing the cmd

ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access.

Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.
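The check-before-access ordering described above, modelled in userspace C as an added example (not the kernel's code and not part of this record). The `model_`/`MODEL_` names are hypothetical, and the 64-byte slot, the cmd offset of 48 and the 32-byte control header are assumptions taken from the io_uring and ublk UAPI layouts, which the record does not state.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; every model_/MODEL_ name is hypothetical. */
#define MODEL_F_SQE128   0x1u /* stands in for IO_URING_F_SQE128 */
#define MODEL_SQE_SIZE   64   /* assumed size of one normal SQE slot */
#define MODEL_CMD_OFFSET 48   /* assumed offset of the inline cmd area */

/* Assumed field layout of the ublk control header (32 bytes). */
struct model_ctrl_hdr {
    uint32_t dev_id;
    uint16_t queue_id, len;
    uint64_t addr, data;
    uint16_t dev_path_len, pad;
    uint32_t reserved;
};

/* Bytes of inline cmd space actually backed by the submitted slot. */
static size_t model_cmd_space(unsigned int issue_flags)
{
    size_t slot = (issue_flags & MODEL_F_SQE128) ? 2 * MODEL_SQE_SIZE : MODEL_SQE_SIZE;
    return slot - MODEL_CMD_OFFSET;
}

/* How far a header read runs past the slot when no flag check comes first. */
static size_t model_overread(unsigned int issue_flags)
{
    size_t have = model_cmd_space(issue_flags);
    return sizeof(struct model_ctrl_hdr) > have ? sizeof(struct model_ctrl_hdr) - have : 0;
}

/* Fixed ordering: return -EINVAL before any byte of the cmd area is read. */
static int model_ctrl_cmd(const uint8_t *sqe, unsigned int issue_flags, struct model_ctrl_hdr *out)
{
    if (!(issue_flags & MODEL_F_SQE128))
        return -EINVAL;
    memcpy(out, sqe + MODEL_CMD_OFFSET, sizeof(*out));
    return 0;
}

int main(void)
{
    uint8_t sqe[2 * MODEL_SQE_SIZE] = {0}; /* constructed sample slot */
    struct model_ctrl_hdr h;
    printf("no flag: rc=%d, unchecked read would overrun by %zu bytes\n",
           model_ctrl_cmd(sqe, 0, &h), model_overread(0));
    printf("SQE128:  rc=%d\n", model_ctrl_cmd(sqe, MODEL_F_SQE128, &h));
    return 0;
}
```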
Product status
71f28f3136aff5890cd56de78abc673f8393cad9 (git) before 4b4dff498f46e9802f71bc84258bf73065f51c6a
71f28f3136aff5890cd56de78abc673f8393cad9 (git) before 31cac6acf77ece488f29fb8f79589d9298e969c8
71f28f3136aff5890cd56de78abc673f8393cad9 (git) before dbe8e81a2ec608f87f79a34f6444cd62f6a243bb
71f28f3136aff5890cd56de78abc673f8393cad9 (git) before f75a5555e0049e7857eae25b60aee98b80e287ec
71f28f3136aff5890cd56de78abc673f8393cad9 (git) before 17d33ba7291100008360b5a354962db37ad80684
71f28f3136aff5890cd56de78abc673f8393cad9 (git) before da7e4b75e50c087d2031a92f6646eb90f7045a67
6.0
Any version before 6.0
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.14 (semver)
6.19.4 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/4b4dff498f46e9802f71bc84258bf73065f51c6a
git.kernel.org/...c/31cac6acf77ece488f29fb8f79589d9298e969c8
git.kernel.org/...c/dbe8e81a2ec608f87f79a34f6444cd62f6a243bb
git.kernel.org/...c/f75a5555e0049e7857eae25b60aee98b80e287ec
git.kernel.org/...c/17d33ba7291100008360b5a354962db37ad80684
git.kernel.org/...c/da7e4b75e50c087d2031a92f6646eb90f7045a67