CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2: 1.7 Low

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N

EPSS: 0.0004 Low (Percentile: 11.7%)

A flaw was found in vDPA with the VDUSE backend. There are currently no checks
in the VDUSE kernel driver to ensure that the size of the device config space is
in line with the features advertised by the VDUSE userspace application. In
case of a mismatch, the Virtio drivers' config read helpers do not initialize
the memory indirectly passed to vduse_vdpa_get_config(), which returns
uninitialized memory from the stack. This could cause undefined behavior or
data leaks in Virtio drivers.
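
The failure mode described above, modelled in userspace C as an added example (not the kernel's code and not the upstream patch). The struct, the function names, the 0xAA marker and the 4-byte sample config are constructed for illustration, and the early-return shape of the weak function is an assumption about how the caller's buffer ends up unwritten.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model: the device's config space is smaller than the read. */
struct model_dev { const uint8_t *config; size_t config_size; };
/* Constructed sample: device exposes 4 config bytes, the driver reads 8. */
static const uint8_t sample_config[4] = { 0x11, 0x22, 0x33, 0x44 };
#define STALE 0xAA /* marker standing in for leftover stack contents */

/* Assumed weak shape: an out-of-range request returns without writing buf. */
static void get_config_weak(const struct model_dev *d, size_t off, void *buf, size_t len)
{
    if (off > d->config_size || len > d->config_size - off)
        return; /* caller's buffer keeps whatever it held before */
    memcpy(buf, d->config + off, len);
}

/* Hardened: define every byte of buf first, then copy only the in-range part. */
static void get_config_hardened(const struct model_dev *d, size_t off, void *buf, size_t len)
{
    memset(buf, 0, len);
    if (off > d->config_size)
        return;
    if (len > d->config_size - off)
        len = d->config_size - off;
    memcpy(buf, d->config + off, len);
}

/* Driver-side read helper model: returns how many stale bytes survive in out. */
static size_t stale_after_read(int hardened, size_t off, uint8_t out[8])
{
    struct model_dev dev = { sample_config, sizeof(sample_config) };
    size_t i, stale = 0;

    memset(out, STALE, 8); /* simulate an uninitialized stack buffer */
    (hardened ? get_config_hardened : get_config_weak)(&dev, off, out, 8);
    for (i = 0; i < 8; i++)
        stale += (out[i] == STALE);
    return stale;
}

int main(void)
{
    uint8_t b[8];
    printf("weak:     %zu stale bytes\n", stale_after_read(0, 0, b));
    printf("hardened: %zu stale bytes\n", stale_after_read(1, 0, b));
    return 0;
}
```
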
Author | Note |
---|---|
sbeattie | possibly need to pick up dc1db0060c02 (“vduse: check that offset is within bounds in get_config()”) (v5.18); issue has likely been present since c8a6153b6c59 (“vduse: Introduce VDUSE - vDPA Device in Userspace”) (v5.15) |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux | < 5.15.0-57.63 | UNKNOWN |
ubuntu | 22.10 | noarch | linux | < 5.19.0-28.29 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1027.31 | UNKNOWN |
ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1016.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1027.31~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1030.37 | UNKNOWN |
ubuntu | 22.10 | noarch | linux-azure | < 5.19.0-1016.17 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < 5.15.0-1030.37~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-fde | < 5.15.0-1030.37 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-fde-5.15 | < 5.15.0-1030.37~20.04.1 | UNKNOWN |