CVE-2024-47748

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
21/10/2024
Last modified:
03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

vhost_vdpa: assign irq bypass producer token correctly

We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the token pointer is still valid or not.

Actually, we use the eventfd_ctx as the token so the life cycle of the token should be bound to the VHOST_SET_VRING_CALL instead of vhost_vdpa_setup_vq_irq() which could be called by set_status().

Fixing this by setting up irq bypass producer's token when handling VHOST_SET_VRING_CALL and un-registering the producer before calling vhost_vring_ioctl() to prevent a possible use after free as eventfd could have been released in vhost_vring_ioctl(). And such registering and unregistering will only be done if DRIVER_OK is set.
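The ordering problem the commit message describes can be replayed in userspace. The model below is an added illustration for this advisory, not vhost_vdpa or irq_bypass source: struct names, helper names, the single-queue device and the `released` flag (used in place of actually freeing memory so a stale pointer can be counted instead of crashing) are all assumed stand-ins for the kernel objects the commit names (eventfd_ctx, irq_bypass_producer, DRIVER_OK). It runs the same VHOST_SET_VRING_CALL / DRIVER_OK sequence against the pre-fix ordering (unregister inside setup_vq_irq, after the eventfd may already be gone) and against the fixed ordering (unregister before the ioctl, token assigned when handling SET_VRING_CALL, register/unregister only under DRIVER_OK) and reports how often the producer's token was dereferenced after release.

```c
/*
 * Userspace model of the token lifetime bug behind CVE-2024-47748.
 * Added illustration only: layouts, helper names and the "released" flag
 * are assumed stand-ins for the kernel objects named in the commit message,
 * not vhost_vdpa source.
 */
#include <stdbool.h>
#include <stdio.h>

/* Stand-in for struct eventfd_ctx. Instead of freeing, mark the object
 * released so a stale pointer can be detected; a real kernel would hit a
 * use-after-free at that point. */
struct eventfd_ctx { int id; bool released; };

/* Stand-in for struct irq_bypass_producer: in vhost_vdpa the token is the
 * eventfd ctx pointer. */
struct irq_bypass_producer { struct eventfd_ctx *token; bool registered; };

struct vq { struct eventfd_ctx *call_ctx; struct irq_bypass_producer producer; };
struct vdpa_dev { struct vq vq; bool driver_ok; int stale_hits; };

/* eventfd_ctx_put() stand-in: the last reference goes away. */
static void eventfd_release(struct eventfd_ctx *ctx) { if (ctx) ctx->released = true; }

/* irq_bypass_unregister_producer() stand-in: it has to look at the token to
 * find the matching consumer, so count an access through a released ctx. */
static void unregister_producer(struct vdpa_dev *dev)
{
    struct irq_bypass_producer *p = &dev->vq.producer;
    if (!p->registered) return;
    if (p->token && p->token->released) dev->stale_hits++;   /* UAF in the real kernel */
    p->registered = false;
}

static void register_producer(struct vdpa_dev *dev)
{
    if (dev->vq.call_ctx) dev->vq.producer.registered = true;
}

/* vhost_vring_ioctl(VHOST_SET_VRING_CALL) stand-in: swap the call eventfd
 * and drop the old one. */
static void vring_ioctl_set_call(struct vdpa_dev *dev, struct eventfd_ctx *new_ctx)
{
    eventfd_release(dev->vq.call_ctx);
    dev->vq.call_ctx = new_ctx;
}

/* ---- pre-fix ordering, as the commit message describes it ---- */

/* setup_vq_irq(): unregister (token may already be stale), re-assign, register. */
static void setup_vq_irq_old(struct vdpa_dev *dev)
{
    unregister_producer(dev);
    dev->vq.producer.token = dev->vq.call_ctx;
    register_producer(dev);
}

static void set_call_old(struct vdpa_dev *dev, struct eventfd_ctx *new_ctx)
{
    vring_ioctl_set_call(dev, new_ctx);   /* old ctx released here ...            */
    setup_vq_irq_old(dev);                /* ... but producer.token still points at it */
}

static void set_status_driver_ok_old(struct vdpa_dev *dev)
{
    dev->driver_ok = true;
    setup_vq_irq_old(dev);
}

/* ---- fixed ordering: unregister before the eventfd can go away, bind the
 *      token to SET_VRING_CALL, register/unregister only with DRIVER_OK ---- */

static void set_call_new(struct vdpa_dev *dev, struct eventfd_ctx *new_ctx)
{
    if (dev->driver_ok) unregister_producer(dev);   /* token is still valid here */
    vring_ioctl_set_call(dev, new_ctx);
    dev->vq.producer.token = dev->vq.call_ctx;      /* token follows the new eventfd */
    if (dev->driver_ok) register_producer(dev);
}

static void set_status_driver_ok_new(struct vdpa_dev *dev)
{
    dev->driver_ok = true;
    register_producer(dev);   /* token was already assigned by SET_VRING_CALL */
}

/* Replay one guest-visible sequence against either ordering; return how many
 * times the producer's token was touched after its eventfd was released. */
static int run_sequence(void (*set_call)(struct vdpa_dev *, struct eventfd_ctx *),
                        void (*set_driver_ok)(struct vdpa_dev *))
{
    struct eventfd_ctx a = {1, false}, b = {2, false}, c = {3, false};
    struct vdpa_dev dev = {0};
    set_call(&dev, &a);    /* before DRIVER_OK */
    set_driver_ok(&dev);   /* producer registered with token a */
    set_call(&dev, &b);    /* a released; old flow then unregisters through a */
    set_call(&dev, &c);    /* same again for b */
    return dev.stale_hits;
}

static int stale_hits_old(void) { return run_sequence(set_call_old, set_status_driver_ok_old); }
static int stale_hits_new(void) { return run_sequence(set_call_new, set_status_driver_ok_new); }

int main(void)
{
    printf("pre-fix ordering: %d stale token accesses\n", stale_hits_old());
    printf("fixed ordering:   %d stale token accesses\n", stale_hits_new());
    return 0;
}
```

The point to take from the replay is not the specific count but where the dereference lands: in the pre-fix ordering the unregister runs after vhost_vring_ioctl() has dropped the eventfd, so the only reference it has to go on is already dangling; moving the unregister ahead of the ioctl and gating it on DRIVER_OK removes the window entirely.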

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.9 (including) 5.10.227 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.168 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.1.113 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.54 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.10.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.11 (including) 6.11.2 (excluding)