[dpdk-dev] [dpdk-stable] [PATCH 6/6] vhost/crypto: fix possible TOCTOU attack
Thomas Monjalon
thomas at monjalon.net
Mon Sep 28 17:19:14 CEST 2020
> From: Fan Zhang <roy.fan.zhang at intel.com>
>
> This patch fixes the possible time-of-check to time-of-use (TOCTOU)
> attack problem by copying request data and descriptor index to local
> variable prior to process.
>
> Also the original sequential read of descriptors may lead to TOCTOU
> attack. This patch fixes the problem by loading all descriptors of a
> request to local buffer before processing.
>
> CVE-2020-14375
> Fixes: 3bb595ecd682 ("vhost/crypto: add request handler")
> Cc: stable at dpdk.org
>
> Signed-off-by: Fan Zhang <roy.fan.zhang at intel.com>
> Acked-by: Chenbo Xia <chenbo.xia at intel.com>
Series applied in the main repository, thanks.
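
The pattern the quoted commit message describes (read the descriptor index once, load every descriptor of the request into a local buffer, then validate and use only the copies), as an added C example that is not part of this mail or of the DPDK code. The descriptor layout, the size limits, `handle_request`, the `hostile` hook and `demo` are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_DESC 4   /* assumed cap on descriptors per request */
#define OUT_SIZE 32  /* assumed size of the host-side output buffer */

/* Hypothetical descriptor in guest-writable memory (not DPDK's struct). */
struct desc { uint32_t off, len; uint16_t next, has_next; };
/* Stand-in for a guest rewriting shared memory while the host works. */
typedef void (*guest_hook)(volatile struct desc *ring, volatile uint16_t *head);

/* Returns bytes gathered into out, or -1 if the request is rejected. */
static int handle_request(volatile struct desc *ring, uint16_t ring_sz,
                          volatile uint16_t *head, const uint8_t *mem,
                          uint32_t mem_sz, uint8_t *out, guest_hook hook)
{
    struct desc local[MAX_DESC];
    uint16_t idx = *head, n = 0;   /* the index is read exactly once */
    uint32_t total = 0;
    do {  /* 1: load every descriptor of the request into private memory */
        if (idx >= ring_sz || n == MAX_DESC)
            return -1;             /* bad index, or over-long/looping chain */
        local[n].off = ring[idx].off; local[n].len = ring[idx].len;
        local[n].has_next = ring[idx].has_next; local[n].next = ring[idx].next;
        idx = local[n].next;       /* follow the copy, not shared memory */
    } while (local[n++].has_next);
    if (hook) hook(ring, head);    /* guest writes from here on are ignored */

    for (uint16_t i = 0; i < n; i++) {  /* 2: validate and use the copies */
        if (local[i].len > OUT_SIZE - total || local[i].off > mem_sz ||
            local[i].len > mem_sz - local[i].off)
            return -1;
        memcpy(out + total, mem + local[i].off, local[i].len);
        total += local[i].len;
    }
    return (int)total;
}

/* Constructed hostile guest: corrupts lengths, offsets and the head index. */
static void hostile(volatile struct desc *ring, volatile uint16_t *head)
{ ring[0].len = ring[1].off = 0xffffffffu; *head = 9; }
/* Constructed two-descriptor request over 8 bytes of sample memory. */
static int demo(guest_hook hook, uint32_t len1, uint8_t *out)
{
    struct desc ring[2] = { {0, 4, 1, 1}, {4, len1, 0, 0} };
    uint16_t head = 0;
    return handle_request(ring, 2, &head, (const uint8_t *)"ABCDEFGH", 8, out, hook);
}
int main(void) { uint8_t o[OUT_SIZE]; return demo(hostile, 4, o) == 8 ? 0 : 1; }
```

Because the checks and the `memcpy` both read `local[]`, a descriptor rewritten after the snapshot cannot pass validation with one value and be used with another.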