PT-2023-9371 · Linux+3 · Linux Kernel+3
Alexander Egorenkov
+3
·
Publicado
2023-01-31
·
Atualizado
2024-09-27
·
CVE-2023-52733
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the decompressor in the Linux kernel, specifically on the s390 architecture. Historically, calls to
decompress() did not specify the out len parameter, expecting no writes beyond the uncompressed kernel image. However, with the inclusion of the zstd library commit, this behavior changed, allowing the decompression code to store literal buffers in the unwritten portion of the destination buffer. Since out len is not set, it is considered unlimited, which might corrupt initrd or ipl reports placed after the decompressor buffer. The size of the uncompressed kernel image is known to the decompressor, so specifying it in the out len parameter resolves the issue.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Astra Linux
Linux Kernel
Red Os
Suse