GHSA-RFCF-H5V4-MCFH

Vulnerability from github – Published: 2024-08-22 03:31 – Updated: 2024-08-22 03:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

When calling gnttab_end_foreign_access_ref() the returned value must be tested and the reaction to that value should be appropriate.

In case of failure in xennet_get_responses() the reaction should not be to crash the system, but to disable the network device.

The calls in setup_netfront() can be replaced by calls of gnttab_end_foreign_access(). While at it avoid double free of ring pages and grant references via xennet_disconnect_backend() in this case.

This is CVE-2022-23042 / part of XSA-396.

V2: - avoid double free V3: - remove pointless initializer (Jan Beulich)

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-48900"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-22T02:15:04Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/netfront: react properly to failing gnttab_end_foreign_access_ref()\n\nWhen calling gnttab_end_foreign_access_ref() the returned value must\nbe tested and the reaction to that value should be appropriate.\n\nIn case of failure in xennet_get_responses() the reaction should not be\nto crash the system, but to disable the network device.\n\nThe calls in setup_netfront() can be replaced by calls of\ngnttab_end_foreign_access(). While at it avoid double free of ring\npages and grant references via xennet_disconnect_backend() in this case.\n\nThis is CVE-2022-23042 / part of XSA-396.\n\n---\nV2:\n- avoid double free\nV3:\n- remove pointless initializer (Jan Beulich)",
  "id": "GHSA-rfcf-h5v4-mcfh",
  "modified": "2024-08-22T03:31:33Z",
  "published": "2024-08-22T03:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48900"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0e35f3ab69bcb01fdbf5aadc78f1731778963b1c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b9f4115738af90427a8c94a3980bc52fbb23296"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/206c8e271ba2630f1d809123945d9c428f93b0f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/34630641e955f23ae06db178822d99d0a9d89b20"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66e3531b33ee51dad17c463b4d9c9f52e341503d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c307029d811e03546d18d0e512fe295b3103b8e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4497b057b14274e159434f0ed70439a21f3d2a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dea18aef2021022a568f4d385a1386f51a9df6ff"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.