CVE-2022-23523

{"id": "CVE-2022-23523", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.5}]}, "published": "2022-12-13T08:15:10.140", "references": [{"url": "https://github.com/rust-vmm/linux-loader/pull/125", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file."}, {"lang": "es", "value": "En versiones anteriores a la 0.8.1, la caja del cargador de Linux utiliza las compensaciones y los tama\u00f1os proporcionados en los encabezados ELF para determinar las compensaciones para leer. Si esas compensaciones apuntan m\u00e1s all\u00e1 del final del archivo, esto podr\u00eda llevar a que los monitores de m\u00e1quinas virtuales utilicen la caja `linux-loader` entrando en un bucle infinito si el encabezado ELF del kernel que est\u00e1n cargando se modific\u00f3 de manera maliciosa. Este problema se ha solucionado en 0.8.1. El problema se puede mitigar asegur\u00e1ndose de que solo se carguen im\u00e1genes confiables del kernel o verificando que los encabezados no apunten m\u00e1s all\u00e1 del final del archivo."}], "lastModified": "2023-06-27T14:59:10.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linux-loader_project:linux-loader:*:*:*:*:*:rust:*:*", "vulnerable": true, "matchCriteriaId": "A355AAE5-D5A1-42D6-B6DC-C5835FAEE011", "versionEndExcluding": "0.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}