ghsa-79f3-76v5-g4m8
Vulnerability from github
Published
2025-10-01 12:30
Modified
2025-10-01 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

xen/netback: Fix buffer overrun triggered by unusual packet

It is possible that a guest can send a packet that contains a head + 18 slots and yet has a len <= XEN_NETBACK_TX_COPY_LEN. This causes nr_slots to underflow in xenvif_get_requests() which then causes the subsequent loop's termination condition to be wrong, causing a buffer overrun of queue->tx_map_ops.

Rework the code to account for the extra frag_overflow slots.

This is CVE-2023-34319 / XSA-432.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-53502"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T12:15:53Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netback: Fix buffer overrun triggered by unusual packet\n\nIt is possible that a guest can send a packet that contains a head + 18\nslots and yet has a len \u003c= XEN_NETBACK_TX_COPY_LEN. This causes nr_slots\nto underflow in xenvif_get_requests() which then causes the subsequent\nloop\u0027s termination condition to be wrong, causing a buffer overrun of\nqueue-\u003etx_map_ops.\n\nRework the code to account for the extra frag_overflow slots.\n\nThis is CVE-2023-34319 / XSA-432.",
  "id": "GHSA-79f3-76v5-g4m8",
  "modified": "2025-10-01T12:30:30Z",
  "published": "2025-10-01T12:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53502"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/11e6919ae028b5de1fc48007354ea07069561b31"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/534fc31d09b706a16d83533e16b5dc855caf7576"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b14a3924c2675c22e07a5a190223b6b6cdc2867d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bc7b9a6c2ca42b116b0f24dbaa52b5a07d96d1d6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cf482893f721f76ac60c0a43482a59b2f194156b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e1142d87c185c7d7bbf05d175754638b5b9dbf16"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f9167a2d6b943f30743de6ff8163d1981c34f9a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fa5b932b77c815d0e416612859d5899424bb4212"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.