View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000626 | AlmaLinux-10 | General | public | 2026-05-27 12:30 | 2026-05-27 12:30 |
| Reporter | v-sriramsur | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | N/A |
| Status | new | Resolution | open | ||
| Summary | 0000626: [AlmaLInux][Backport][MANA] net: mana: validate rx_req_idx to prevent out-of-bounds array access | ||||
| Description | Hello, This is a Sev 2 on our side with impact on all customer VM's Problem Summary In mana_hwc_rx_event_handler(), rx_req_idx is derived from sge->address in DMA-coherent memory. In Confidential VMs (SEV-SNP/TDX), this memory is shared unencrypted and HW can modify WQE contents at any time. No bounds check exists on rx_req_idx, which can lead to an out-of-bounds access into reqs[]. Add bounds check on rx_req_idx in mana_hwc_rx_event_handler() before using it to index the reqs[] array. Impact on Customer VMs All VMs Requesting backport of the below fix to all LTS kernels versions. https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b809d0409991 | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2026-05-27 12:30 | v-sriramsur | New Issue |
