CVE-2022-23523 – linux-loader

Package

Manager: cargo
Name: linux-loader
Vulnerable Version: >=0 <0.8.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00024 pctl0.05085

Details

linux-loader reading beyond EOF could lead to infinite loop ### Impact The linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the `linux-loader` crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. ### Patches The issue has been addressed in 0.8.1 ### Workarounds The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file. ### References See: https://github.com/rust-vmm/linux-loader/pull/125

Metadata

Created: 2022-12-12T22:35:41Z
Modified: 2022-12-12T22:35:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-52h2-m2cf-9jh6/GHSA-52h2-m2cf-9jh6.json
CWE IDs: ["CWE-119", "CWE-125", "CWE-835"]
Alternative ID: GHSA-52h2-m2cf-9jh6
Finding: F111
Auto approve: 1