In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: fix potential underflow in virtio_transport_get_credit()
The credit calculation in virtio_transport_get_credit() uses unsigned
arithmetic:
ret = vvs->peer_buf_alloc - (vvs->tx_cnt - vvs->peer_fwd_cnt);
If the peer shrinks its advertised buffer (peer_buf_alloc) while bytes
are in flight, the subtraction can underflow and produce a large
positive value, potentially allowing more data to be queued than the
peer can handle.
Reuse virtio_transport_has_space() which already handles this case and
add a comment to make it clear why we are doing that.
[Stefano: use virtio_transport_has_space() instead of duplicating the code]
[Stefano: tweak the commit message]
Attack Parameters
Impact Assessment
CVSS Vector v3.1
Weakness Type (CWE)
Vulnerable Products 10
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
4.8
|
6.1.162
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
6.2
|
6.6.122
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
6.7
|
6.12.68
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
|
6.13
|
6.18.8
|
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
|
— | — |
|
Linux Linux_Kernel
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
|
— | — |