Ubuntu.comUB:CVE-2023-50711

HistoryJan 02, 2024 - 12:00 a.m.

CVE-2023-50711

2024-01-0200:00:00

ubuntu.com

vmm-sys-util collection modules

rust-vmm components

out of bounds memory

deserialization

header length

rust-unsafe code

unix

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.8%

JSON

vmm-sys-util is a collection of modules that provides helpers and utilities
used by multiple rust-vmm components. Starting in version 0.5.0 and prior
to version 0.12.0, an issue in the FamStructWrapper::deserialize
implementation provided by the crate for
vmm_sys_util::fam::FamStructWrapper can lead to out of bounds memory
accesses. The deserialization does not check that the length stored in the
header matches the flexible array length. Mismatch in the lengths might
allow out of bounds memory access through Rust-safe methods. The issue was
corrected in version 0.12.0 by inserting a check that verifies the lengths
of compared flexible arrays are equal for any deserialized header and
aborting deserialization otherwise. Moreover, the API was changed so that
header length can only be modified through Rust-unsafe code. This ensures
that users cannot trigger out-of-bounds memory access from Rust-safe code.

OSVersionArchitecturePackageVersionFilename
ubuntu23.10noarchrust-vmm-sys-util< anyUNKNOWN
ubuntu24.04noarchrust-vmm-sys-util< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	23.10	noarch	rust-vmm-sys-util	< any	UNKNOWN
ubuntu	24.04	noarch	rust-vmm-sys-util	< any	UNKNOWN

References

github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9

launchpad.net/bugs/cve/CVE-2023-50711

nvd.nist.gov/vuln/detail/CVE-2023-50711

security-tracker.debian.org/tracker/CVE-2023-50711

www.cve.org/CVERecord?id=CVE-2023-50711