Commit 7d898df

xen/netfront: fix leaking data in shared pages
jira VULN-1438
cve CVE-2022-33740
commit-author Roger Pau Monne <[email protected]>
commit 307c8de
upstream-diff This kernel hasn't switched to page_pool_dev_alloc_pages so we are simply adding __GFP_ZERO to the existing alloc_page call.

When allocating pages to be used for shared communication with the backend always zero them, this avoids leaking unintended data present on the pages.

This is CVE-2022-33740, part of XSA-403.

Signed-off-by: Roger Pau Monné <[email protected]>
Reviewed-by: Jan Beulich <[email protected]>
Reviewed-by: Juergen Gross <[email protected]>
Signed-off-by: Juergen Gross <[email protected]>
(cherry picked from commit 307c8de)
Signed-off-by: Brett Mastbergen <[email protected]>
1 parent 399df82 commit 7d898df

1 file changed, +1 -1 lines changed

drivers/net/xen-netfront.c

Lines changed: 1 addition & 1 deletion
@@ -266,7 +266,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue)
266266
if (unlikely(!skb))
267267
return NULL;
268268

269-
page = alloc_page(GFP_ATOMIC | __GFP_NOWARN);
269+
page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO);
270270
if (!page) {
271271
kfree_skb(skb);
272272
return NULL;
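
Review bot: the __GFP_ZERO added to the alloc_page() call in xennet_alloc_one_rx_buffer() carries no comment, so a later cleanup could drop it as an avoidable cost on a GFP_ATOMIC receive-buffer allocation. Suggest a one-line comment above the call saying that the page is shared with the backend and must be zeroed so stale data on it is not exposed (CVE-2022-33740, XSA-403). The commit message says pages used for shared communication are "always" zeroed, while this hunk touches a single allocation site; it would help if the message stated whether the other shared-page allocations in this file were checked and found not to need the flag.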
