7.8

CVE-2023-53543

vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check

In the Linux kernel, the following vulnerability has been resolved:

vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check

The vdpa_nl_policy structure is used to validate the nlattr when parsing
the incoming nlmsg. It will ensure the attribute being described produces
a valid nlattr pointer in info->attrs before entering into each handler
in vdpa_nl_ops.

That is to say, the missing part in vdpa_nl_policy may lead to illegal
nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.

This patch adds the missing nla_policy for vdpa max vqp attr to avoid
such bugs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.198 < 6.1.47
LinuxLinux Kernel Version >= 6.2 < 6.4.12
LinuxLinux Kernel Version6.5 Updaterc1
LinuxLinux Kernel Version6.5 Updaterc2
LinuxLinux Kernel Version6.5 Updaterc3
LinuxLinux Kernel Version6.5 Updaterc4
LinuxLinux Kernel Version6.5 Updaterc5
LinuxLinux Kernel Version6.5 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.049
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/ff71709445ac033e6e250d971683110e4781c068
Patch
https://git.kernel.org/stable/c/ea65e8b5e6b1a34deda7564f09c90e9e80db436a
Patch
https://git.kernel.org/stable/c/5d6ba607d6cb5c58a4ddf33381e18c83dbb4098f
Patch
https://git.kernel.org/stable/c/baed19c108ac8287425b93a44985bbe9a0b1af8d