Описание
In the Linux kernel, the following vulnerability has been resolved:
xen/netback: Fix buffer overrun triggered by unusual packet
It is possible that a guest can send a packet that contains a head + 18 slots and yet has a len <= XEN_NETBACK_TX_COPY_LEN. This causes nr_slots to underflow in xenvif_get_requests() which then causes the subsequent loop's termination condition to be wrong, causing a buffer overrun of queue->tx_map_ops.
Rework the code to account for the extra frag_overflow slots.
This is CVE-2023-34319 / XSA-432.
In the Linux kernel, the following vulnerability has been resolved:
xen/netback: Fix buffer overrun triggered by unusual packet
It is possible that a guest can send a packet that contains a head + 18 slots and yet has a len <= XEN_NETBACK_TX_COPY_LEN. This causes nr_slots to underflow in xenvif_get_requests() which then causes the subsequent loop's termination condition to be wrong, causing a buffer overrun of queue->tx_map_ops.
Rework the code to account for the extra frag_overflow slots.
This is CVE-2023-34319 / XSA-432.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-53502
- https://git.kernel.org/stable/c/11e6919ae028b5de1fc48007354ea07069561b31
- https://git.kernel.org/stable/c/534fc31d09b706a16d83533e16b5dc855caf7576
- https://git.kernel.org/stable/c/b14a3924c2675c22e07a5a190223b6b6cdc2867d
- https://git.kernel.org/stable/c/bc7b9a6c2ca42b116b0f24dbaa52b5a07d96d1d6
- https://git.kernel.org/stable/c/cf482893f721f76ac60c0a43482a59b2f194156b
- https://git.kernel.org/stable/c/e1142d87c185c7d7bbf05d175754638b5b9dbf16
- https://git.kernel.org/stable/c/f9167a2d6b943f30743de6ff8163d1981c34f9a9
- https://git.kernel.org/stable/c/fa5b932b77c815d0e416612859d5899424bb4212
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.