[Debian] CVE: CVE-2022-3643/CVE-2022-3524: kernel: multiple CVEs

Bug #2002280 reported by Yue Tao
Affects | Status | Importance | Assigned to | Milestone
StarlingX | Fix Released | Critical | Jiping Ma |

Bug Description

CVE-2022-3643: https://nvd.nist.gov/vuln/detail/CVE-2022-3643

Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB, and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtreme II BCM5780 (bnx2x), though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those, violating the above-mentioned assumption, to the networking core, resulting in said misbehavior.

CVE-2022-3524: https://nvd.nist.gov/vuln/detail/CVE-2022-3524

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.

Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-3643 fixed 10.0 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3524 fixed  7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Upgrade Yocto kernel v5.10.159

Found during December 2022 CVE scan using vulscan
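
The split-header condition described for CVE-2022-3643, as an added example that is not part of the bug report or the kernel source: a simplified user-space C model of a backend checking that protocol headers sit in the contiguous (linear) part of a packet and copying them there, or dropping the packet, before forwarding. `struct pkt`, `headers_in_linear`, `pull_headers`, `make_split_packet` and the sample bytes are hypothetical names and constructed values, not the kernel's `struct sk_buff` API.

```c
#include <stdio.h>
#include <string.h>

#define LINEAR_CAP 128
#define HDR_LEN 54 /* assumed: Ethernet 14 + IPv4 20 + TCP 20, no options */

/* Simplified model of a packet buffer: contiguous head plus one fragment. */
struct pkt {
    unsigned char linear[LINEAR_CAP]; /* linear (contiguous) area */
    size_t linear_len;                /* bytes valid in linear[] */
    const unsigned char *frag;        /* non-linear remainder */
    size_t frag_len;
};

static unsigned char sample_frag[64]; /* constructed sample data */

/* Constructed packet: only the first 10 header bytes are linear. */
struct pkt make_split_packet(void)
{
    struct pkt p = { .linear_len = 10, .frag = sample_frag,
                     .frag_len = sizeof sample_frag };
    for (size_t i = 0; i < 10; i++) p.linear[i] = (unsigned char)i;
    for (size_t i = 0; i < sizeof sample_frag; i++)
        sample_frag[i] = (unsigned char)(10 + i);
    return p;
}

/* True when the first hdr_len bytes are all in the linear area. */
int headers_in_linear(const struct pkt *p, size_t hdr_len)
{
    return hdr_len <= p->linear_len;
}

/* Make hdr_len bytes contiguous; -1 means the caller must drop the packet. */
int pull_headers(struct pkt *p, size_t hdr_len)
{
    if (headers_in_linear(p, hdr_len)) return 0;
    size_t need = hdr_len - p->linear_len;
    if (hdr_len > LINEAR_CAP || need > p->frag_len) return -1;
    memcpy(p->linear + p->linear_len, p->frag, need);
    p->linear_len += need;
    p->frag += need;
    p->frag_len -= need;
    return 0;
}

int main(void)
{
    struct pkt p = make_split_packet();
    printf("before: %d\n", headers_in_linear(&p, HDR_LEN));
    printf("pull:   %d\n", pull_headers(&p, HDR_LEN));
    printf("after:  %d\n", headers_in_linear(&p, HDR_LEN));
    return 0;
}
```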


Yue Tao (wrytao)
information type: Public → Public Security
Changed in starlingx:
status: New → Triaged
importance: Undecided → Critical
tags: added: stx.8.0 stx.security
Jiping Ma (jma11)
Changed in starlingx:
assignee: nobody → Jiping Ma (jma11)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kernel (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/kernel/+/872263

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kernel (master)

Reviewed: https://review.opendev.org/c/starlingx/kernel/+/872263
Committed: https://opendev.org/starlingx/kernel/commit/389f65482ffd4c6ac057e59c454d96ae53fcc042
Submitter: "Zuul (22348)"
Branch: master

commit 389f65482ffd4c6ac057e59c454d96ae53fcc042
Author: Jiping Ma <email address hidden>
Date: Tue Jan 31 02:53:28 2023 -0500

    Update kernel to v5.10.162

    This commit updates kernel to 5.10.162 to fix many issues, including the
    following CVE issues.
    CVE-2022-3643: https://nvd.nist.gov/vuln/detail/CVE-2022-3643
    CVE-2022-3524: https://nvd.nist.gov/vuln/detail/CVE-2022-3524

    Our source patches do not require refresh against the new kernel source.

    Verification:
    - Build kernel and out of tree modules success for rt and std.
    - Build iso success for rt and std.
    - Install success onto an All-in-One lab with rt kernel.
    - Boot up successfully in the lab.
    - The sanity testing was run including kernel and applications
      by our test team.
    - The cyclictest benchmark was also run on the starlingx lab, the result
      is "samples: 259199998 avg: 1628 max: 4387 99.9999th percentile: 2996
      overflows: 0". It is not a big difference from 5.10.152 for avg and
      99.9999th, but the max value seems a little higher than 5.10.152.

    Closes-Bug: 2002280
    Signed-off-by: Jiping Ma <email address hidden>
    Change-Id: Ib2017625a92f51e02a41a8d14d8ba850f9c0721a

Changed in starlingx:
status: In Progress → Fix Released