Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
rust-vmm linux-loader vulnerable to Out-of-bounds Read
Vulnerability Description
In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
跨界内存读
Vulnerability Title
Linux-loader 安全漏洞
Vulnerability Description
Linux-loader是rust-vmm开源的一个 Linux 内核加载器。 Linux-loader 0.8.1之前版本存在安全漏洞,该漏洞源于使用 ELF 标头中提供的偏移量和大小来确定要读取的偏移量,如果这些偏移指向文件末尾之外,这可能会导致无限循环。
CVSS Information
N/A
Vulnerability Type
N/A