In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_VID). It may cause out-of-bounds memory access once the VLAN id is bigger than or equal to VLAN_N_VID. Therefore, VLAN id needs to be checked to ensure it is within the range of VLAN_N_VID.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: net: hns3: añadir validación de ID de VLAN antes de usar Actualmente, el ID de VLAN puede ser usado sin validación cuando se recibe un buzón de configuración de VLAN desde VF. La longitud de vlan_del_fail_bmap es BITS_TO_LONGS(VLAN_N_VID). Puede causar acceso a memoria fuera de límites una vez que el ID de VLAN es mayor o igual que VLAN_N_VID. Por lo tanto, el ID de VLAN necesita ser verificado para asegurar que está dentro del rango de VLAN_N_VID.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-125
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc125280> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc126200> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc127bc0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc125040> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bcc1248c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702b829a46c0> | Operating System |
| linux | linux_kernel | 5.3 | <built-in method update of dict object at 0x702bcc127fc0> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bcc127440> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bcc125980> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bcc125c00> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bdd6ada80> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bcc126d80> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bddf48100> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bde536680> | Operating System |
| linux | linux_kernel | 6.19 | <built-in method update of dict object at 0x702bcc124cc0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:5.3:-:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:* |