Skip to content

Reading beyond EOF could lead to infinite loop

Low
rbradford published GHSA-52h2-m2cf-9jh6 Dec 12, 2022

Package

cargo linux-loader (Rust)

Affected versions

< 0.8.1

Patched versions

0.8.1, 0.9.0

Description

Impact

The linux-loader crate used the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets pointed beyond the end of the file this could lead to an infinite loop. Virtual Machine Monitors using the linux-loader crate could enter an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner.

Patches

The issue has been addressed in 0.8.1

Workarounds

The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers to not point beyond the end of the file.

References

See: #125

Severity

Low
1.9
/ 10

CVSS base metrics

Attack vector
Local
Attack complexity
High
Privileges required
High
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CVE ID

CVE-2022-23523

Weaknesses

No CWEs

Credits