[Pkg-rust-maintainers] Bug#1060860: rust-vmm-sys-util: CVE-2023-50711
Moritz Mühlenhoff
jmm at inutil.org
Mon Jan 15 19:48:18 GMT 2024
Source: rust-vmm-sys-util
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for rust-vmm-sys-util.
CVE-2023-50711[0]:
| vmm-sys-util is a collection of modules that provides helpers and
| utilities used by multiple rust-vmm components. Starting in version
| 0.5.0 and prior to version 0.12.0, an issue in the
| `FamStructWrapper::deserialize` implementation provided by the crate
| for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds
| memory accesses. The deserialization does not check that the length
| stored in the header matches the flexible array length. Mismatch in
| the lengths might allow out of bounds memory access through Rust-
| safe methods. The issue was corrected in version 0.12.0 by inserting
| a check that verifies the lengths of compared flexible arrays are
| equal for any deserialized header and aborting deserialization
| otherwise. Moreover, the API was changed so that header length can
| only be modified through Rust-unsafe code. This ensures that users
| cannot trigger out-of-bounds memory access from Rust-safe code.
https://rustsec.org/advisories/RUSTSEC-2024-0002.html
https://github.com/advisories/GHSA-875g-mfp6-g7f9
https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167 (v0.12.1)
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-50711
https://www.cve.org/CVERecord?id=CVE-2023-50711
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-rust-maintainers
mailing list