First published: Tue Aug 08 2023
The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in such a way that not all of the headers would come in one piece. Unfortunately, the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
Credit: security@xen.org
Affected Software | Affected Version | How to fix |
---|---|---|
Xen | >=3.2.0 | |
Debian Linux | =10.0 | |
ubuntu/linux | <4.15.0-219.230 | 4.15.0-219.230 |
ubuntu/linux | <5.4.0-165.182 | 5.4.0-165.182 |
ubuntu/linux | <5.15.0-87.97 | 5.15.0-87.97 |
ubuntu/linux | <6.2.0-35.35 | 6.2.0-35.35 |
ubuntu/linux | <6.5~ | 6.5~ |
ubuntu/linux | <4.4.0-246.280 | 4.4.0-246.280 |
ubuntu/linux-allwinner | <6.5~ | 6.5~ |
ubuntu/linux-allwinner-5.19 | <6.5~ | 6.5~ |
ubuntu/linux-aws | <4.15.0-1162.175 | 4.15.0-1162.175 |
ubuntu/linux-aws | <5.4.0-1112.121 | 5.4.0-1112.121 |
ubuntu/linux-aws | <5.15.0-1048.53 | 5.15.0-1048.53 |
ubuntu/linux-aws | <6.2.0-1014.14 | 6.2.0-1014.14 |
ubuntu/linux-aws | <4.4.0-1124.130 | 4.4.0-1124.130 |
ubuntu/linux-aws | <6.5~ | 6.5~ |
ubuntu/linux-aws | <4.4.0-1162.177 | 4.4.0-1162.177 |
ubuntu/linux-aws-5.0 | <6.5~ | 6.5~ |
ubuntu/linux-aws-5.15 | <5.15.0-1048.53~20.04.1 | 5.15.0-1048.53~20.04.1 |
ubuntu/linux-aws-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-aws-5.19 | <6.5~ | 6.5~ |
ubuntu/linux-aws-5.4 | <5.4.0-1112.121~18.04.2 | 5.4.0-1112.121~18.04.2 |
ubuntu/linux-aws-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-aws-6.2 | <6.2.0-1014.14~22.04.1 | 6.2.0-1014.14~22.04.1 |
ubuntu/linux-aws-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-aws-hwe | <6.5~ | 6.5~ |
ubuntu/linux-aws-hwe | <4.15.0-1162.175~16.04.1 | 4.15.0-1162.175~16.04.1 |
ubuntu/linux-azure | <5.4.0-1118.125 | 5.4.0-1118.125 |
ubuntu/linux-azure | <5.15.0-1050.57 | 5.15.0-1050.57 |
ubuntu/linux-azure | <6.2.0-1015.15 | 6.2.0-1015.15 |
ubuntu/linux-azure | <4.15.0-1171.186~14.04.1 | 4.15.0-1171.186~14.04.1 |
ubuntu/linux-azure | <6.5~ | 6.5~ |
ubuntu/linux-azure | <4.15.0-1171.186~16.04.1 | 4.15.0-1171.186~16.04.1 |
ubuntu/linux-azure-4.15 | <4.15.0-1171.186 | 4.15.0-1171.186 |
ubuntu/linux-azure-4.15 | <6.5~ | 6.5~ |
ubuntu/linux-azure-5.15 | <5.15.0-1050.57~20.04.1 | 5.15.0-1050.57~20.04.1 |
ubuntu/linux-azure-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-azure-5.4 | <5.4.0-1118.125~18.04.1 | 5.4.0-1118.125~18.04.1 |
ubuntu/linux-azure-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-azure-6.2 | <6.2.0-1015.15~22.04.1 | 6.2.0-1015.15~22.04.1 |
ubuntu/linux-azure-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-azure-edge | <6.5~ | 6.5~ |
ubuntu/linux-azure-fde | <5.15.0-1050.57.1 | 5.15.0-1050.57.1 |
ubuntu/linux-azure-fde | <6.5~ | 6.5~ |
ubuntu/linux-azure-fde-5.15 | <5.15.0-1050.57~20.04.1.1 | 5.15.0-1050.57~20.04.1.1 |
ubuntu/linux-azure-fde-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-azure-fde-5.19 | <6.5~ | 6.5~ |
ubuntu/linux-azure-fde-6.2 | <6.2.0-1015.15~22.04.1.1 | 6.2.0-1015.15~22.04.1.1 |
ubuntu/linux-azure-fde-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-bluefield | <5.4.0-1073.79 | 5.4.0-1073.79 |
ubuntu/linux-bluefield | <6.5~ | 6.5~ |
ubuntu/linux-dell300x | <6.5~ | 6.5~ |
ubuntu/linux-fips | <6.5~ | 6.5~ |
ubuntu/linux-gcp | <5.4.0-1116.125 | 5.4.0-1116.125 |
ubuntu/linux-gcp | <5.15.0-1045.53 | 5.15.0-1045.53 |
ubuntu/linux-gcp | <6.2.0-1017.19 | 6.2.0-1017.19 |
ubuntu/linux-gcp | <6.5~ | 6.5~ |
ubuntu/linux-gcp | <4.15.0-1156.173~16.04.1 | 4.15.0-1156.173~16.04.1 |
ubuntu/linux-gcp-4.15 | <4.15.0-1156.173 | 4.15.0-1156.173 |
ubuntu/linux-gcp-4.15 | <6.5~ | 6.5~ |
ubuntu/linux-gcp-5.15 | <5.15.0-1045.53~20.04.2 | 5.15.0-1045.53~20.04.2 |
ubuntu/linux-gcp-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-gcp-5.19 | <6.5~ | 6.5~ |
ubuntu/linux-gcp-5.4 | <5.4.0-1116.125~18.04.1 | 5.4.0-1116.125~18.04.1 |
ubuntu/linux-gcp-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-gcp-6.2 | <6.2.0-1017.19~22.04.1 | 6.2.0-1017.19~22.04.1 |
ubuntu/linux-gke | <5.15.0-1045.50 | 5.15.0-1045.50 |
ubuntu/linux-gke | <6.5~ | 6.5~ |
ubuntu/linux-gke-4.15 | <6.5~ | 6.5~ |
ubuntu/linux-gke-5.0 | <6.5~ | 6.5~ |
ubuntu/linux-gke-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-gke-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-gkeop | <5.4.0-1079.83 | 5.4.0-1079.83 |
ubuntu/linux-gkeop | <5.15.0-1031.37 | 5.15.0-1031.37 |
ubuntu/linux-gkeop | <6.5~ | 6.5~ |
ubuntu/linux-gkeop-5.15 | <5.15.0-1031.37~20.04.1 | 5.15.0-1031.37~20.04.1 |
ubuntu/linux-gkeop-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-gkeop-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-hwe | <6.5~ | 6.5~ |
ubuntu/linux-hwe | <4.15.0-219.230~16.04.1 | 4.15.0-219.230~16.04.1 |
ubuntu/linux-hwe-5.15 | <5.15.0-87.97~20.04.1 | 5.15.0-87.97~20.04.1 |
ubuntu/linux-hwe-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-hwe-5.4 | <5.4.0-165.182~18.04.1 | 5.4.0-165.182~18.04.1 |
ubuntu/linux-hwe-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-hwe-6.2 | <6.2.0-35.35~22.04.1 | 6.2.0-35.35~22.04.1 |
ubuntu/linux-hwe-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-hwe-edge | <6.5~ | 6.5~ |
ubuntu/linux-ibm | <5.4.0-1059.64 | 5.4.0-1059.64 |
ubuntu/linux-ibm | <5.15.0-1041.44 | 5.15.0-1041.44 |
ubuntu/linux-ibm | <6.5~ | 6.5~ |
ubuntu/linux-ibm-5.15 | <5.15.0-1041.44~20.04.1 | 5.15.0-1041.44~20.04.1 |
ubuntu/linux-ibm-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-ibm-5.4 | <5.4.0-1059.64~18.04.1 | 5.4.0-1059.64~18.04.1 |
ubuntu/linux-ibm-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-intel-5.13 | <6.5~ | 6.5~ |
ubuntu/linux-intel-iotg | <5.15.0-1043.49 | 5.15.0-1043.49 |
ubuntu/linux-intel-iotg | <6.5~ | 6.5~ |
ubuntu/linux-intel-iotg-5.15 | <5.15.0-1043.49~20.04.1 | 5.15.0-1043.49~20.04.1 |
ubuntu/linux-intel-iotg-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-iot | <5.4.0-1024.25 | 5.4.0-1024.25 |
ubuntu/linux-iot | <6.5~ | 6.5~ |
ubuntu/linux-kvm | <4.15.0-1146.151 | 4.15.0-1146.151 |
ubuntu/linux-kvm | <5.4.0-1101.107 | 5.4.0-1101.107 |
ubuntu/linux-kvm | <5.15.0-1045.50 | 5.15.0-1045.50 |
ubuntu/linux-kvm | <6.2.0-1015.15 | 6.2.0-1015.15 |
ubuntu/linux-kvm | <6.5~ | 6.5~ |
ubuntu/linux-kvm | <4.4.0-1125.135 | 4.4.0-1125.135 |
ubuntu/linux-lowlatency | <5.15.0-87.96 | 5.15.0-87.96 |
ubuntu/linux-lowlatency | <6.2.0-1015.15 | 6.2.0-1015.15 |
ubuntu/linux-lowlatency | <6.5~ | 6.5~ |
ubuntu/linux-lowlatency-hwe-5.15 | <5.15.0-87.96~20.04.1 | 5.15.0-87.96~20.04.1 |
ubuntu/linux-lowlatency-hwe-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-lowlatency-hwe-5.19 | <6.5~ | 6.5~ |
ubuntu/linux-lowlatency-hwe-6.2 | <6.2.0-1015.15~22.04.1 | 6.2.0-1015.15~22.04.1 |
ubuntu/linux-lowlatency-hwe-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-lts-xenial | <4.4.0-246.280~14.04.1 | 4.4.0-246.280~14.04.1 |
ubuntu/linux-lts-xenial | <6.5~ | 6.5~ |
ubuntu/linux-nvidia | <5.15.0-1039.39 | 5.15.0-1039.39 |
ubuntu/linux-nvidia | <6.5~ | 6.5~ |
ubuntu/linux-nvidia-6.2 | <6.2.0-1011.11 | 6.2.0-1011.11 |
ubuntu/linux-nvidia-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-oem | <6.5~ | 6.5~ |
ubuntu/linux-oem-5.10 | <6.5~ | 6.5~ |
ubuntu/linux-oem-5.14 | <6.5~ | 6.5~ |
ubuntu/linux-oem-5.17 | <6.5~ | 6.5~ |
ubuntu/linux-oem-5.6 | <6.5~ | 6.5~ |
ubuntu/linux-oem-6.0 | <6.5~ | 6.5~ |
ubuntu/linux-oem-6.1 | <6.1.0-1021.21 | 6.1.0-1021.21 |
ubuntu/linux-oem-6.1 | <6.5~ | 6.5~ |
ubuntu/linux-oem-osp1 | <6.5~ | 6.5~ |
ubuntu/linux-oracle | <4.15.0-1125.136 | 4.15.0-1125.136 |
ubuntu/linux-oracle | <5.4.0-1111.120 | 5.4.0-1111.120 |
ubuntu/linux-oracle | <5.15.0-1046.52 | 5.15.0-1046.52 |
ubuntu/linux-oracle | <6.2.0-1014.14 | 6.2.0-1014.14 |
ubuntu/linux-oracle | <6.5~ | 6.5~ |
ubuntu/linux-oracle | <4.15.0-1125.136~16.04.1 | 4.15.0-1125.136~16.04.1 |
ubuntu/linux-oracle-5.0 | <6.5~ | 6.5~ |
ubuntu/linux-oracle-5.13 | <6.5~ | 6.5~ |
ubuntu/linux-oracle-5.15 | <5.15.0-1046.52~20.04.1 | 5.15.0-1046.52~20.04.1 |
ubuntu/linux-oracle-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-oracle-5.4 | <5.4.0-1111.120~18.04.1 | 5.4.0-1111.120~18.04.1 |
ubuntu/linux-oracle-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-raspi | <5.4.0-1096.107 | 5.4.0-1096.107 |
ubuntu/linux-raspi | <5.15.0-1041.44 | 5.15.0-1041.44 |
ubuntu/linux-raspi | <6.2.0-1015.17 | 6.2.0-1015.17 |
ubuntu/linux-raspi | <6.5~ | 6.5~ |
ubuntu/linux-raspi-5.4 | <5.4.0-1096.107~18.04.1 | 5.4.0-1096.107~18.04.1 |
ubuntu/linux-raspi-5.4 | <6.5~ | 6.5~ |
ubuntu/linux-raspi2 | <6.5~ | 6.5~ |
ubuntu/linux-riscv | <6.2.0-35.35.1 | 6.2.0-35.35.1 |
ubuntu/linux-riscv | <6.5~ | 6.5~ |
ubuntu/linux-riscv-5.15 | <5.15.0-1044.48~20.04.1 | 5.15.0-1044.48~20.04.1 |
ubuntu/linux-riscv-5.15 | <6.5~ | 6.5~ |
ubuntu/linux-snapdragon | <6.5~ | 6.5~ |
ubuntu/linux-starfive | <6.2.0-1007.8 | 6.2.0-1007.8 |
ubuntu/linux-starfive | <6.5~ | 6.5~ |
ubuntu/linux-starfive-5.19 | <6.5~ | 6.5~ |
ubuntu/linux-starfive-6.2 | <6.2.0-1007.8~22.04.1 | 6.2.0-1007.8~22.04.1 |
ubuntu/linux-starfive-6.2 | <6.5~ | 6.5~ |
ubuntu/linux-xilinx-zynqmp | <5.4.0-1032.36 | 5.4.0-1032.36 |
ubuntu/linux-xilinx-zynqmp | <5.15.0-1025.29 | 5.15.0-1025.29 |
ubuntu/linux-xilinx-zynqmp | <6.5~ | 6.5~ |
debian/linux | <=4.19.249-2 | 4.19.304-1, 5.10.209-2, 5.10.205-2, 6.1.76-1, 6.1.85-1, 6.6.15-2, 6.7.12-1 |
debian/linux-5.10 | 5.10.209-2~deb10u1 |