CVE-2023-53543
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check
The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointer in info->attrs before entering into each handler in vdpa_nl_ops.
That is to say, the missing part in vdpa_nl_policy may lead to illegal nlattr after parsing, which could lead to OOB read just like CVE-2023-3773.
This patch adds the missing nla_policy for vdpa max vqp attr to avoid such bugs.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 447092100c7e71aa20469a270fcee441d807ed58 < baed19c108ac8287425b93a44985bbe9a0b1af8d | affected |
| Linux | Linux | ad69dd0bf26b88ec6ab26f8bbe5cd74fbed7672a < ff71709445ac033e6e250d971683110e4781c068 | affected |
| Linux | Linux | ad69dd0bf26b88ec6ab26f8bbe5cd74fbed7672a < ea65e8b5e6b1a34deda7564f09c90e9e80db436a | affected |
| Linux | Linux | ad69dd0bf26b88ec6ab26f8bbe5cd74fbed7672a < 5d6ba607d6cb5c58a4ddf33381e18c83dbb4098f | affected |
| Linux | Linux | 5.15.198 < 5.15.209 | affected |
| Linux | Linux | 5.16 | affected |
| Linux | Linux | 0 < 5.16 | unaffected |
| Linux | Linux | 5.15.209 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.47 <= 6.1.* | unaffected |
| Linux | Linux | 6.4.12 <= 6.4.* | unaffected |
| Linux | Linux | 6.5 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/baed19c108ac8287425b93a44985bbe9a0b1af8d
- https://git.kernel.org/stable/c/ff71709445ac033e6e250d971683110e4781c068
- https://git.kernel.org/stable/c/ea65e8b5e6b1a34deda7564f09c90e9e80db436a
- https://git.kernel.org/stable/c/5d6ba607d6cb5c58a4ddf33381e18c83dbb4098f
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.