4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
10.3%
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-c19aaa2283 advisory.
VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}
trait functions, which allows out-of-bounds memory access if the VolatileMemory::get_slice
function returns a VolatileSlice
whose length is less than the function’s count
argument. No implementations of get_slice
provided in vm_memory
are affected. Users of custom VolatileMemory
implementations may be impacted if the custom implementation does not adhere to get_slice
’s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the VolatileSlice
returned by get_slice
is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-c19aaa2283
#
include('compat.inc');
if (description)
{
script_id(182085);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/28");
script_cve_id("CVE-2023-41051");
script_xref(name:"FEDORA", value:"2023-c19aaa2283");
script_name(english:"Fedora 38 : firecracker / libkrun / virtiofsd (2023-c19aaa2283)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the
FEDORA-2023-c19aaa2283 advisory.
- In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual
device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The
vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An
issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref,
aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds
memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less
than the function's `count` argument. No implementations of `get_slice` provided in `vm_memory` are
affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation
does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in
version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of
the correct length. Users are advised to upgrade. There are no known workarounds for this issue.
(CVE-2023-41051)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-c19aaa2283");
script_set_attribute(attribute:"solution", value:
"Update the affected firecracker, libkrun and / or virtiofsd packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-41051");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/01");
script_set_attribute(attribute:"patch_publication_date", value:"2023/09/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firecracker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libkrun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:virtiofsd");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'firecracker-1.4.1-2.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libkrun-1.5.0-6.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
{'reference':'virtiofsd-1.7.0-4.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firecracker / libkrun / virtiofsd');
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | 38 | cpe:/o:fedoraproject:fedora:38 |
fedoraproject | fedora | firecracker | p-cpe:/a:fedoraproject:fedora:firecracker |
fedoraproject | fedora | libkrun | p-cpe:/a:fedoraproject:fedora:libkrun |
fedoraproject | fedora | virtiofsd | p-cpe:/a:fedoraproject:fedora:virtiofsd |
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
10.3%