Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-EB87748E07.NASLHistoryApr 29, 2024 - 12:00 a.m.
Fedora 40 : firecracker / virtiofsd (2023-eb87748e07)
2024-04-2900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
fedora 40
firecracker
vulnerability
vmm
virtio backend drivers
vhost drivers
memory access
cve-2023-41051
upgrade
nessus scanner
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-eb87748e07 advisory.
- In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the
VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}trait functions, which allows out-of-bounds memory access if theVolatileMemory::get_slicefunction returns aVolatileSlicewhose length is less than the function’scountargument. No implementations ofget_sliceprovided invm_memoryare affected. Users of customVolatileMemoryimplementations may be impacted if the custom implementation does not adhere toget_slice’s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that theVolatileSlicereturned byget_sliceis of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.
(CVE-2023-41051)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-eb87748e07
#
include('compat.inc');
if (description)
{
script_id(194631);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/29");
script_cve_id("CVE-2023-41051");
script_xref(name:"FEDORA", value:"2023-eb87748e07");
script_name(english:"Fedora 40 : firecracker / virtiofsd (2023-eb87748e07)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the
FEDORA-2023-eb87748e07 advisory.
- In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual
device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The
vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An
issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref,
aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds
memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less
than the function's `count` argument. No implementations of `get_slice` provided in `vm_memory` are
affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation
does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in
version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of
the correct length. Users are advised to upgrade. There are no known workarounds for this issue.
(CVE-2023-41051)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-eb87748e07");
script_set_attribute(attribute:"solution", value:
"Update the affected firecracker and / or virtiofsd packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-41051");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/01");
script_set_attribute(attribute:"patch_publication_date", value:"2023/09/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:40");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:firecracker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:virtiofsd");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^40([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 40', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'firecracker-1.4.1-2.fc40', 'release':'FC40', 'rpm_spec_vers_cmp':TRUE},
{'reference':'virtiofsd-1.7.0-4.fc40', 'release':'FC40', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firecracker / virtiofsd');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 40 | cpe:/o:fedoraproject:fedora:40 |
| fedoraproject | fedora | firecracker | p-cpe:/a:fedoraproject:fedora:firecracker |
| fedoraproject | fedora | virtiofsd | p-cpe:/a:fedoraproject:fedora:virtiofsd |
Related
debiancve
debiancve
CVE-2023-41051
2023-09-01 19:15:42
prion
prion
Design/Logic Flaw
2023-09-01 19:15:00
ubuntucve
ubuntucve
CVE-2023-41051
2023-09-01 00:00:00
nessus
nessus
Fedora 37 : firecracker (2023-1db67725f2)
2023-09-27 00:00:00
Fedora 38 : firecracker / libkrun / virtiofsd (2023-c19aaa2283)
2023-09-28 00:00:00
Fedora 39 : firecracker / virtiofsd (2023-8e6ae98f81)
2023-11-07 00:00:00
openvas
openvas
Fedora: Security Advisory for libkrun (FEDORA-2023-c19aaa2283)
2023-10-01 00:00:00
Fedora: Security Advisory for virtiofsd (FEDORA-2023-c19aaa2283)
2023-10-01 00:00:00
Fedora: Security Advisory for firecracker (FEDORA-2023-1db67725f2)
2023-09-28 00:00:00
nvd
nvd
CVE-2023-41051
2023-09-01 19:15:42
osv
osv
fedora
fedora
[SECURITY] Fedora 37 Update: firecracker-1.4.1-2.fc37
2023-09-28 00:49:26
[SECURITY] Fedora 39 Update: firecracker-1.4.1-2.fc39
2023-09-23 00:18:23
[SECURITY] Fedora 38 Update: virtiofsd-1.7.0-4.fc38
2023-09-28 01:36:45
cvelist
cvelist
cve
cve
CVE-2023-41051
2023-09-01 19:15:42
github
github
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
Related for FEDORA_2023-EB87748E07.NASL