Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Hyper-V HID driver has been addressed. It involved a potential overrun warning from the fortified memcpy function, which was particularly noticeable when building with GCC 9. The warning arose in the 'mousevsc_on_receive' function, where the compiler detected a write overflow, suggesting that the code could be improved to avoid such warnings. The issue was resolved by reworking the code to improve readability and eliminate the warning, ensuring that memory is not corrupted when handling data from the hypervisor.
The vulnerability could lead to memory corruption by allowing a write operation to exceed the allocated size of a data field, potentially causing undefined behavior or exploitation opportunities.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.