CVE-2023-1078
CVSS V2 None
CVSS V3 None
Description
A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.
Overview
- CVE ID
- CVE-2023-1078
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-27T21:15:10
- Last Modified Date
- 2023-04-03T18:49:17
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | 1 | OR |
References
Reference URL | Reference Tags |
---|---|
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d | Mailing List Patch |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-1078 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1078 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2023-04-17 03:34:08 | Added to TrackCVE | |||
2023-04-17 03:34:10 | Weakness Enumeration | new |