4015 – CVE-2022-33742

Bug 4015 - CVE-2022-33742

Summary: CVE-2022-33742

Status:	RESOLVED FIXED

Alias:	None

Product:	ANCK 4.19 Dev
Classification:	ANCK
Component:	drivers (show other bugs)	drivers
Sub Component:
Version:	4.19-028.x
Hardware:	All Linux

Importance:	P3-Medium S3-normal
Target Milestone:	---
Assignee:	ljubomir
QA Contact:	shuming

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-02-09 15:22 UTC by ljubomir
Modified:	2023-06-07 19:05 UTC (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ljubomir inspur_group

2023-02-09 15:22:58 UTC

Description of problem:

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 小龙 admin

2023-05-29 14:18:37 UTC

The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1676

Comment 2 小龙 admin

2023-06-07 19:04:26 UTC

PR: 
https://gitee.com/anolis/cloud-kernel/pulls/1676