Allele Security Alert
ASA-2019-00032
Identifier(s)
ASA-2019-00032, CVE-2018-16880
Title
Out-of-bounds write in get_rx_bufs() function in drivers/vhost/net.c
Vendor(s)
Linux Foundation
Product(s)
Linux
Affected version(s)
Linux releases with the following commit:
https://github.com/torvalds/linux/commit/e2b3b35eb9896f26c98b9a2c047d9111638059a2
Fixed version(s)
Unknown
Proof of concept
Unknown
Description
A flaw was found in the Linux kernel’s handle_rx() function in the [vhost_net] driver. Under specific conditions, a malicious virtual guest can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host, which may lead to kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
Technical details
Unknown
Credits
Jason Wang (Red Hat)
Reference(s)
Bug 1656472 (CVE-2018-16880) – CVE-2018-16880 kernel: Out of bounds write in get_rx_bufs() function in drivers/vhost/net.c
https://bugzilla.redhat.com/show_bug.cgi?id=1656472
CVE-2018-16880 Linux kernel: oob-write in drivers/vhost/net.c:get_rx_bufs()
https://seclists.org/oss-sec/2019/q1/94
vhost_net: batch used ring update in rx
https://github.com/torvalds/linux/commit/e2b3b35eb9896f26c98b9a2c047d9111638059a2
CVE-2018-16880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16880
CVE-2018-16880
https://nvd.nist.gov/vuln/detail/CVE-2018-16880
Last modified: February 1, 2019