On 12/11/2019 15:19, Maxime Coquelin wrote: > vhost_user_set_vring_num() performs multiple allocations > without checking whether data were previously allocated. > > It may cause a denial of service because of the memory leaks > that happen if a malicious vhost-user master keeps sending > VHOST_USER_SET_VRING_NUM request until the slave runs out > of memory. > > This issue has been assigned CVE-2019-14818 > > Reported-by: Jason Wang <jasow...@redhat.com> > Signed-off-by: Maxime Coquelin <maxime.coque...@redhat.com> > ---
Applied, thanks.
