PT-2023-4315 · Linux+6

Ross Lagerwall · Published 2023-08-08 · Updated 2024-10-11 · CVE-2023-34319

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux (affected versions not specified)
Description: The issue is related to the Linux netback driver, which was modified to handle a frontend splitting a packet in a way that not all headers come in one piece. However, the introduced logic did not account for the extreme case of the entire packet being split into many pieces, yet still being smaller than the area that keeps all possible headers together. This unusual packet would trigger a buffer overrun in the driver. The xenvif_get_requests() function in the drivers/net/xen-netback/netback.c module is specifically mentioned as being related to the issue.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2023-8473
BDU:2023-04650
CVE-2023-34319
DLA-3623-1
DLA-3710-1
DSA-5480-1
DSA-5492-1
LSN-0099-1
MGASA-2023-0250
MGASA-2023-0251
MGASA-2023-0328
MGASA-2023-0331
OESA-2023-1584
OESA-2023-1585
OESA-2023-1586
OESA-2023-1587
OESA-2023-1588
OPENSUSE-SU-2023_3392-1
OPENSUSE-SU-2023_3599-1
OPENSUSE-SU-2023_3599-2
OPENSUSE-SU-2023_3600-1
OPENSUSE-SU-2023_3600-2
OPENSUSE-SU-2023_3656-1
OPENSUSE-SU-2023_3682-1
OPENSUSE-SU-2023_3683-1
OPENSUSE-SU-2023_3683-2
OPENSUSE-SU-2023_3684-1
OPENSUSE-SU-2023_3704-1
OPENSUSE-SU-2023_3704-2
OPENSUSE-SU-2023_3964-1
OPENSUSE-SU-2023_3969-1
OPENSUSE-SU-2023_3971-1
OPENSUSE-SU-2023_3988-1
SUSE-SU-2023:3390-1
SUSE-SU-2023:3392-1
SUSE-SU-2023:3599-1
SUSE-SU-2023:3599-2
SUSE-SU-2023:3600-1
SUSE-SU-2023:3600-2
SUSE-SU-2023:3601-1
SUSE-SU-2023:3656-1
SUSE-SU-2023:3681-1
SUSE-SU-2023:3682-1
SUSE-SU-2023:3684-1
SUSE-SU-2023:3705-1
SUSE-SU-2023:3785-1
SUSE-SU-2023:3964-1
SUSE-SU-2023:3969-1
SUSE-SU-2023:3971-1
SUSE-SU-2023:3988-1
USN-6343-1
USN-6439-1
USN-6439-2
USN-6440-1
USN-6440-2
USN-6440-3
USN-6441-1
USN-6441-2
USN-6441-3
USN-6442-1
USN-6444-1
USN-6444-2
USN-6445-1
USN-6445-2
USN-6446-1
USN-6446-2
USN-6446-3
USN-6466-1

Affected Products

Alt Linux
Astra Linux
Linux
Linuxmint
Red Os
Suse
Ubuntu