[PATCH] RISC-V: KVM: Fix potential UAF in kvm_riscv_aia_imsic_has_attr()
patchwork-bot+linux-riscv at kernel.org
patchwork-bot+linux-riscv at kernel.org
Mon Mar 23 23:07:26 PDT 2026
Hello:
This patch was applied to riscv/linux.git (for-next)
by Anup Patel <anup at brainfault.org>:
On Wed, 4 Mar 2026 08:08:04 +0000 you wrote:
> The KVM_DEV_RISCV_AIA_GRP_APLIC branch of aia_has_attr() was identified
> to have a race condition with concurrent KVM_SET_DEVICE_ATTR ioctls,
> leading to a use-after-free bug.
>
> Upon analyzing the code, it was discovered that the
> KVM_DEV_RISCV_AIA_GRP_IMSIC branch of aia_has_attr() suffers from the same
> lack of synchronization. It invokes kvm_riscv_aia_imsic_has_attr() without
> holding dev->kvm->lock.
>
> [...]
Here is the summary with links:
- RISC-V: KVM: Fix potential UAF in kvm_riscv_aia_imsic_has_attr()
https://git.kernel.org/riscv/c/7120a9d9e023
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
More information about the linux-riscv
mailing list