CVSS3
Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Percentile: 5.1%

The fix for XSA-423 added logic to Linux’s netback driver to deal with a
frontend splitting a packet in a way such that not all of the headers would
come in one piece. Unfortunately the logic introduced there didn’t account
for the extreme case of the entire packet being split into as many pieces
as permitted by the protocol, yet still being smaller than the area that’s
specially dealt with to keep all (possible) headers together. Such an
unusual packet would therefore trigger a buffer overrun in the driver.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-219.230 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-165.182 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-87.97 | UNKNOWN |
ubuntu | 23.04 | noarch | linux | < 6.2.0-35.35 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-246.280 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1162.175 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1112.121 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1048.53 | UNKNOWN |
ubuntu | 23.04 | noarch | linux-aws | < 6.2.0-1014.14 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1124.130 | UNKNOWN |
git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576
launchpad.net/bugs/cve/CVE-2023-34319
marc.info/?l=oss-security&m=169151395214375&w=2
nvd.nist.gov/vuln/detail/CVE-2023-34319
security-tracker.debian.org/tracker/CVE-2023-34319
ubuntu.com/security/notices/USN-6343-1
ubuntu.com/security/notices/USN-6439-1
ubuntu.com/security/notices/USN-6439-2
ubuntu.com/security/notices/USN-6440-1
ubuntu.com/security/notices/USN-6440-2
ubuntu.com/security/notices/USN-6440-3
ubuntu.com/security/notices/USN-6441-1
ubuntu.com/security/notices/USN-6441-2
ubuntu.com/security/notices/USN-6441-3
ubuntu.com/security/notices/USN-6442-1
ubuntu.com/security/notices/USN-6444-1
ubuntu.com/security/notices/USN-6444-2
ubuntu.com/security/notices/USN-6445-1
ubuntu.com/security/notices/USN-6445-2
ubuntu.com/security/notices/USN-6446-1
ubuntu.com/security/notices/USN-6446-2
ubuntu.com/security/notices/USN-6446-3
ubuntu.com/security/notices/USN-6466-1
www.cve.org/CVERecord?id=CVE-2023-34319
xenbits.xen.org/xsa/advisory-432.html