Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-23523: loader: x86_64: elf: Avoid reading beyond file end by likebreath · Pull Request #125 · rust-vmm/linux-loader

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the linux-loader crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

CVE
Open in Source
#mac#linux#git#intel#perl#auth

Summary of the PR

The ELF header contains offsets that the loader uses to find other structures. If those offsets are beyond the end of the file (or would go past the end of the file) it is essential to error out when attempting to read those. Using Read::read_exact() permits this.

Signed-off-by: Bo Chen [email protected]
Co-authored-by: Rob Bradford [email protected]

Requirements

Before submitting your PR, please make sure you addressed the following
requirements:

  • All commits in this PR are signed (with git commit -s), and the commit
    message has max 60 characters for the summary and max 75 characters for each
    description line.
  • All added/changed functionality has a corresponding unit/integration
    test.
  • All added/changed public-facing functionality has entries in the “Upcoming
    Release” section of CHANGELOG.md (if no such section exists, please create one).
  • Any newly added unsafe code is properly documented.

Related news

GHSA-52h2-m2cf-9jh6: linux-loader reading beyond EOF could lead to infinite loop

### Impact The linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the `linux-loader` crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. ### Patches The issue has been addressed in 0.8.1 ### Workarounds The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file. ### References See: https://github.com/rust-vmm/linux-loader/pull/125

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE