Roded Zats

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the validation of length of nl attributes in the `enic set vf port` function. The function assumes that the nl attribute `IFLA PORT PROFILE` is of length `PORT PROFILE MAX` and that the nl attributes `IFLA PORT INSTANCE UUID` and `IFLA PORT HOST UUID` are of length `PORT UUID MAX`. However, these attributes are validated using the `nla policy` `ifla port policy`, which defines the maximum size of the attributes, not the exact size. This might cause an out of bounds read access in the `memcpys` of the data of these attributes in `enic set vf port`. The `do setlink` function in `rtnetlink.c` uses the `nla policy` to validate the attributes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `do setvfinfo()` function in the `net/core/rtnetlink.c` module of the Linux kernel, which is associated with a buffer overflow vulnerability. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem arises from the validation of attributes within a nested `IFLA VF VLAN LIST`, where each attribute is expected to be at least the size of `struct ifla vf vlan info`, which is 14 bytes. However, the current validation checks against `NLA HDRLEN` (4 bytes), which is less than the required size, potentially leading to out-of-bounds read access when accessing the saved entry in `ivvl`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.