Linux Kernel vdpa Nlattr Length Check Vulnerability Leading to Out-of-Bounds Read

Vulnerability

A vulnerability in the Linux kernel's Virtual Data Path Accelerator (vDPA) management can lead to an out-of-bounds read. This issue arises because the vDPA Netlink policy structure, which validates attributes in incoming messages, lacks proper length checks for certain attributes. As a result, it may allow illegal attribute pointers to be processed, potentially causing memory access violations. This vulnerability has been addressed by adding the missing policy checks for vDPA feature attributes, ensuring that all attributes are correctly validated before being handled.
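
The missing length check described above, modelled in user space as an added example (this is not the kernel's code or the actual patch). The attribute names, the policy layout and the sample message are hypothetical and constructed for illustration. It shows a short attribute passing a policy that has no entry for its type and being rejected once the entry is present.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of Netlink attribute validation; all names are hypothetical. */
#define HDRLEN 4u                       /* attribute header: u16 len, u16 type */
#define ALIGN4(n) (((n) + 3u) & ~3u)
enum { ATTR_UNSPEC, ATTR_DEV_NAME, ATTR_FEATURES, ATTR_MAX = ATTR_FEATURES };

/* Policy: minimum payload bytes per attribute type; 0 means no length check. */
struct policy { uint16_t min_payload; };
static const struct policy weak_policy[ATTR_MAX + 1] = { [ATTR_DEV_NAME] = { 1 } };
static const struct policy fixed_policy[ATTR_MAX + 1] = {
    [ATTR_DEV_NAME] = { 1 }, [ATTR_FEATURES] = { sizeof(uint64_t) },
};

/* 0 if every attribute satisfies pol; -1 if malformed or payload too short. */
static int validate_attrs(const uint8_t *buf, size_t len, const struct policy *pol)
{
    size_t rem = len;
    while (rem >= HDRLEN) {
        uint16_t alen, type;
        memcpy(&alen, buf, 2);
        memcpy(&type, buf + 2, 2);
        if (alen < HDRLEN || alen > rem) return -1;   /* malformed header */
        if (type <= ATTR_MAX && alen - HDRLEN < pol[type].min_payload) return -1;
        size_t step = ALIGN4(alen) > rem ? rem : ALIGN4(alen);
        buf += step;
        rem -= step;
    }
    return 0;
}

/* Constructed sample: a features attribute with 1 payload byte instead of 8. */
static size_t build_short_features(uint8_t out[8])
{
    uint16_t alen = HDRLEN + 1, type = ATTR_FEATURES;
    memcpy(out, &alen, 2);
    memcpy(out + 2, &type, 2);
    out[4] = 0xAA;
    return alen;
}

int main(void)
{
    uint8_t msg[8];
    size_t n = build_short_features(msg);
    int w = validate_attrs(msg, n, weak_policy), f = validate_attrs(msg, n, fixed_policy);
    printf("weak=%d fixed=%d\n", w, f);
    return 0;
}
```

With the weak policy the 1-byte attribute is accepted, so a handler that reads it as a 64-bit value would read 7 bytes past its payload; the fixed policy rejects the message before any handler runs.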

Impact

The vulnerability could be exploited to read memory outside the intended bounds, which can lead to information disclosure or potentially allow for more severe memory corruption issues.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.

Added: Oct 7, 2025, 5:25 PM
Updated: Oct 7, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 0.7
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.