GHSA-52H2-M2CF-9JH6

Vulnerability from github – Published: 2022-12-12 22:35 – Updated: 2022-12-12 22:35
VLAI?
Summary
linux-loader reading beyond EOF could lead to infinite loop
Details

Impact

The linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the linux-loader crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner.

Patches

The issue has been addressed in 0.8.1

Workarounds

The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file.

References

See: https://github.com/rust-vmm/linux-loader/pull/125

Severity ?
1.9 (Low)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "linux-loader"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23523"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-125",
      "CWE-835"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-12T22:35:41Z",
    "nvd_published_at": "2022-12-13T08:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the `linux-loader` crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner.\n\n### Patches\nThe issue has been addressed in 0.8.1\n\n### Workarounds\nThe issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file.\n\n### References\n\nSee: https://github.com/rust-vmm/linux-loader/pull/125\n",
  "id": "GHSA-52h2-m2cf-9jh6",
  "modified": "2022-12-12T22:35:41Z",
  "published": "2022-12-12T22:35:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23523"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-vmm/linux-loader/pull/125"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rust-vmm/linux-loader/commit/a44f152da4f38c538ed492b1efa8515be2047db2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rust-vmm/linux-loader"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "linux-loader reading beyond EOF could lead to infinite loop"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.