CVE-2022-23523 - OpenCVE

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux-loader Project	Linux-loader

Configuration 1 [-]

cpe:2.3:a:linux-loader_project:linux-loader:*:*:*:*:*:rust:*:*

No data.

References

Link	Providers
https://github.com/rust-vmm/linux-loader/pull/125
https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-12-13T07:41:47.047Z

Updated: 2024-08-03T03:43:46.487Z

Reserved: 2022-01-19T21:23:53.782Z

Link: CVE-2022-23523

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-12-13T08:15:10.140

Modified: 2023-06-27T14:59:10.640

Link: CVE-2022-23523

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-23523", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.782Z", "datePublished": "2022-12-13T07:41:47.047Z", "dateUpdated": "2024-08-03T03:43:46.487Z"}, "containers": {"cna": {"title": "rust-vmm linux-loader vulnerable to Out-of-bounds Read", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-119", "lang": "en", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6"}, {"name": "https://github.com/rust-vmm/linux-loader/pull/125", "tags": ["x_refsource_MISC"], "url": "https://github.com/rust-vmm/linux-loader/pull/125"}], "affected": [{"vendor": "rust-vmm", "product": "linux-loader", "versions": [{"version": "< 0.8.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-13T07:41:47.047Z"}, "descriptions": [{"lang": "en", "value": "In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file."}], "source": {"advisory": "GHSA-52h2-m2cf-9jh6", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:43:46.487Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6"}, {"name": "https://github.com/rust-vmm/linux-loader/pull/125", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/rust-vmm/linux-loader/pull/125"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linux-loader_project:linux-loader:*:*:*:*:*:rust:*:*", "matchCriteriaId": "A355AAE5-D5A1-42D6-B6DC-C5835FAEE011", "versionEndExcluding": "0.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file."}, {"lang": "es", "value": "En versiones anteriores a la 0.8.1, la caja del cargador de Linux utiliza las compensaciones y los tama\u00f1os proporcionados en los encabezados ELF para determinar las compensaciones para leer. Si esas compensaciones apuntan m\u00e1s all\u00e1 del final del archivo, esto podr\u00eda llevar a que los monitores de m\u00e1quinas virtuales utilicen la caja `linux-loader` entrando en un bucle infinito si el encabezado ELF del kernel que est\u00e1n cargando se modific\u00f3 de manera maliciosa. Este problema se ha solucionado en 0.8.1. El problema se puede mitigar asegur\u00e1ndose de que solo se carguen im\u00e1genes confiables del kernel o verificando que los encabezados no apunten m\u00e1s all\u00e1 del final del archivo."}], "id": "CVE-2022-23523", "lastModified": "2023-06-27T14:59:10.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-12-13T08:15:10.140", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/rust-vmm/linux-loader/pull/125"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}