Lucene search
PRIOn knowledge basePRION:CVE-2022-23523HistoryDec 13, 2022 - 8:15 a.m.
Code injection
2022-12-1308:15:00
PRIOn knowledge base
www.prio-n.com
2
code injection
linux-loader
elf headers
In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the linux-loader crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux-loader | lt | 0.8.1 |
Related
nvd
nvd
CVE-2022-23523
2022-12-13 08:15:10
osv
osv
CVE-2022-23523
2022-12-13 08:15:10
linux-loader reading beyond EOF could lead to infinite loop
2022-12-12 22:35:41
cve
cve
CVE-2022-23523
2022-12-13 08:15:10
cvelist
cvelist
CVE-2022-23523 rust-vmm linux-loader vulnerable to Out-of-bounds Read
2022-12-13 07:41:47
github
github
linux-loader reading beyond EOF could lead to infinite loop
2022-12-12 22:35:41