Home > Vulnerability Database > CVE-2022-23523

Mend.io Vulnerability Database

CVE-2022-23523

Good to know:

Date: December 13, 2022

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

Language: RUST

Severity Score

4.0

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23523

Url: https://github.com/rust-vmm/linux-loader/pull/125

Url: https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6

Url: https://github.com/rust-vmm/linux-loader/commit/a44f152da4f38c538ed492b1efa8515be2047db2

Url: https://github.com/rust-vmm/linux-loader

Url: https://www.mend.io/vulnerability-database/CVE-2022-23523

Severity Score

4.0

Weakness Type (CWE)

Buffer Errors

CWE-119

Out-of-bounds Read

CWE-125

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version linux-loader - 0.8.1

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23523

Good to know:

Date: December 13, 2022

Language: RUST

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?