CVE-2023-53998

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hwrng: virtio - Fix race on data_avail and actual data<br /> <br /> The virtio rng device kicks off a new entropy request whenever the<br /> data available reaches zero. When a new request occurs at the end<br /> of a read operation, that is, when the result of that request is<br /> only needed by the next reader, then there is a race between the<br /> writing of the new data and the next reader.<br /> <br /> This is because there is no synchronisation whatsoever between the<br /> writer and the reader.<br /> <br /> Fix this by writing data_avail with smp_store_release and reading<br /> it with smp_load_acquire when we first enter read. The subsequent<br /> reads are safe because they&amp;#39;re either protected by the first load<br /> acquire, or by the completion mechanism.<br /> <br /> Also remove the redundant zeroing of data_idx in random_recv_done<br /> (data_idx must already be zero at this point) and data_avail in<br /> request_entropy (ditto).