4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
10.3%
An issue was discovered in the default implementations of the VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}
trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice
function returns a VolatileSlice
whose length is less than the functionβs count
argument. No implementations of get_slice
provided in vm_memory
are affected. Users of custom VolatileMemory
implementations may be impacted if the custom implementation does not adhere to get_slice
βs documentation.
The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice
returned by get_slice
is of the correct length.
Not Required
https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8
https://crates.io/crates/vm-memory/0.12.2
crates.io/crates/vm-memory/0.12.2
github.com/advisories/GHSA-49hh-fprx-m68g
github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8
github.com/rust-vmm/vm-memory/issues/250
github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g
lists.fedoraproject.org/archives/list/[email protected]/message/IPXRXD5VXBZHBGMUM77B52CJJMG7EJGI/
lists.fedoraproject.org/archives/list/[email protected]/message/SYM6CYW2DWRHRAVL2HYTQPXC3J2V77J4/
lists.fedoraproject.org/archives/list/[email protected]/message/XZGJL6BQLU4XCPQLLTW4GSSBTNQXB3TI/
nvd.nist.gov/vuln/detail/CVE-2023-41051
rustsec.org/advisories/RUSTSEC-2023-0056.html