> From: Fan Zhang <[email protected]> > > This patch fixes the possible time-of-check to time-of-use (TOCTOU) > attack problem by copying request data and descriptor index to local > variable prior to process. > > Also the original sequential read of descriptors may lead to TOCTOU > attack. This patch fixes the problem by loading all descriptors of a > request to local buffer before processing. > > CVE-2020-14375 > Fixes: 3bb595ecd682 ("vhost/crypto: add request handler") > Cc: [email protected] > > Signed-off-by: Fan Zhang <[email protected]> > Acked-by: Chenbo Xia <[email protected]>
Series applied in the main repository, thanks.
