CVE-2023-1078

Public on 2023-03-08
Modified on 2023-04-03
Description

The upstream bug report describes this issue as follows:

A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an OOB access, and a lock corruption.

Severity
Important
See what this means
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 kernel 2023-03-17 16:46 ALAS2KERNEL-5.10-2023-028
Amazon Linux 2 kernel 2023-03-17 16:46 ALAS2KERNEL-5.15-2023-015
Amazon Linux 2 kernel 2023-03-17 16:45 ALAS2KERNEL-5.4-2023-043
Amazon Linux 2023 kernel 2023-03-11 01:10 ALAS2023-2023-132
Amazon Linux 2 kernel-livepatch-5.10.157-139.675 2023-03-30 22:07 ALAS2LIVEPATCH-2023-117
Amazon Linux 2 kernel-livepatch-5.10.162-141.675 2023-03-30 22:07 ALAS2LIVEPATCH-2023-116
Amazon Linux 2 kernel-livepatch-5.10.165-143.735 2023-03-30 22:07 ALAS2LIVEPATCH-2023-115
Amazon Linux 2 kernel-livepatch-5.10.167-147.601 2023-03-30 22:07 ALAS2LIVEPATCH-2023-114

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H