In the vhost-net driver, which ensures the operation of virtio net on the side of the host environment, vulnerability () that allows a local user to initiate a kernel stack overflow by sending a well-formed ioctl(VHOST_NET_SET_BACKEND) to the /dev/vhost-net device. The problem is caused by the lack of proper validation of the contents of the sk_family field in the get_raw_socket() function code.
According to preliminary data, the vulnerability can be used to perform a local DoS attack by causing a kernel crash (there is no information about using the stack overflow caused by the vulnerability to organize code execution).
Vulnerability in Linux kernel update 5.5.8. For distributions, you can follow the release of package updates on the pages , , , , , .
Source: opennet.ru