[PATCH v1] vhost: fix missing descriptor reclaim on copy_to_iter failure

2025-08-06 Thread bsdhenrymartin
From: Henry Martin If copy_to_iter(&hdr, sizeof(hdr), &fixup) fails, the descriptor is not reclaimed via vhost_discard_vq_desc(), leading to potential resource leaks. Fix it by explicitly calling vhost_discard_vq_desc() on failure. Fixes: 4c5a84421c7d ("vhost: cleanup iterator update logic") Re

[PATCH v1] VSOCK: fix Out-of-Bounds Read in vmci_transport_dgram_dequeue()

2025-08-04 Thread bsdhenrymartin
From: Henry Martin vmci_transport_dgram_dequeue lacks buffer length validation before accessing the `vmci_datagram` header. Trigger Path: 1. Attacker sends a datagram with length < sizeof(struct vmci_datagram). 2. `skb_recv_datagram()` returns the malformed sk_buff (skb->len < sizeof(struct

[PATCH v1] VSOCK: fix Information Leak in virtio_transport_shutdown()

2025-08-04 Thread bsdhenrymartin
From: Henry Martin The `struct virtio_vsock_pkt_info` is declared on the stack but only partially initialized (only `op`, `flags`, and `vsk` are set). The uninitialized fields (including `pkt_len`, `remote_cid`, `remote_port`, etc.) contain residual kernel stack data. This structure is passed to

[PATCH] VSOCK: fix Integer Overflow in vmci_transport_recv_dgram_cb()

2025-08-04 Thread bsdhenrymartin
From: Henry Martin The vulnerability is triggered when processing a malicious VMCI datagram with an extremely large `payload_size` value. The attack path is: 1. Attacker crafts a malicious `vmci_datagram` with `payload_size` set to a value near `SIZE_MAX` (e.g., `SIZE_MAX - offsetof(struct