Skip to content

Potential Vulnerability in Cloned Code#29

Closed
tlnguyen-smu wants to merge 1 commit intoceph:for-linusfrom
tlnguyen-smu:cve-req-2917
Closed

Potential Vulnerability in Cloned Code#29
tlnguyen-smu wants to merge 1 commit intoceph:for-linusfrom
tlnguyen-smu:cve-req-2917

Conversation

@tlnguyen-smu
Copy link

@tlnguyen-smu tlnguyen-smu commented Dec 16, 2025

This PR fixes a potential security vulnerability in kvm_irqfd() that was cloned from https://github.com/torvalds/linux but did not receive the security patch.

Details:

Affected Function: kvm_irqfd() in virt/kvm/eventfd.c
Original Fix: torvalds/linux@36ae3c0

What this PR does:

This PR applies the same security patch that was applied to the original repository to eliminate the potential vulnerability in the cloned code.

References:

Please review and merge this PR to ensure your repository is protected against this potential vulnerability.

@lamntu
Don't accept obviously wrong gsi values via KVM_IRQFD
a0479e9 
We cannot add routes for gsi values >= KVM_MAX_IRQ_ROUTES -- see kvm_set_irq_routing(). Hence, there is no sense in accepting them via KVM_IRQFD. Prevent them from entering the system in the first place.
@idryomov
Copy link
Contributor

idryomov commented Dec 22, 2025

This is a fork used only for development purposes: active branches are rebased periodically, historic branches are retained just for reference. Security vulnerabilities aren't tracked here.

@idryomov idryomov closed this Dec 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tlnguyen-smu @idryomov @lamntu