CVE-2024-57843

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio-net: fix overflow inside virtnet_rq_alloc<br /> <br /> When the frag just got a page, then may lead to regression on VM.<br /> Specially if the sysctl net.core.high_order_alloc_disable value is 1,<br /> then the frag always get a page when do refill.<br /> <br /> Which could see reliable crashes or scp failure (scp a file 100M in size<br /> to VM).<br /> <br /> The issue is that the virtnet_rq_dma takes up 16 bytes at the beginning<br /> of a new frag. When the frag size is larger than PAGE_SIZE,<br /> everything is fine. However, if the frag is only one page and the<br /> total size of the buffer and virtnet_rq_dma is larger than one page, an<br /> overflow may occur.<br /> <br /> The commit f9dac92ba908 ("virtio_ring: enable premapped mode whatever<br /> use_dma_api") introduced this problem. And we reverted some commits to<br /> fix this in last linux version. Now we try to enable it and fix this<br /> bug directly.<br /> <br /> Here, when the frag size is not enough, we reduce the buffer len to fix<br /> this problem.