CVE-2023-1078

Public on 2023-03-08
Modified on 2024-04-29
Description
The upstream bug report describes this issue as follows:

A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an OOB access, and a lock corruption.
Severity
Important severity
Important
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 kernel Pending Fix
Amazon Linux 2 - Core kernel Not Affected
Amazon Linux 2 - Kernel-5.10 Extra kernel 2023-03-17 ALAS2KERNEL-5.10-2023-028 Fixed
Amazon Linux 2 - Kernel-5.15 Extra kernel 2023-03-17 ALAS2KERNEL-5.15-2023-015 Fixed
Amazon Linux 2 - Kernel-5.4 Extra kernel 2023-03-17 ALAS2KERNEL-5.4-2023-043 Fixed
Amazon Linux 2023 kernel 2023-03-11 ALAS2023-2023-132 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.157-139.675 2023-03-30 ALAS2LIVEPATCH-2023-117 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.162-141.675 2023-03-30 ALAS2LIVEPATCH-2023-116 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.165-143.735 2023-03-30 ALAS2LIVEPATCH-2023-115 Fixed
Amazon Linux 2 - Livepatch Extra kernel-livepatch-5.10.167-147.601 2023-03-30 ALAS2LIVEPATCH-2023-114 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2023-1078 Mitre: CVE-2023-1078