Source: rust-vmm-sys-util
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for rust-vmm-sys-util.

CVE-2023-50711[0]:
| vmm-sys-util is a collection of modules that provides helpers and
| utilities used by multiple rust-vmm components. Starting in version
| 0.5.0 and prior to version 0.12.0, an issue in the
| `FamStructWrapper::deserialize` implementation provided by the crate
| for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds
| memory accesses. The deserialization does not check that the length
| stored in the header matches the flexible array length. Mismatch in
| the lengths might allow out of bounds memory access through Rust-
| safe methods. The issue was corrected in version 0.12.0 by inserting
| a check that verifies the lengths of compared flexible arrays are
| equal for any deserialized header and aborting deserialization
| otherwise. Moreover, the API was changed so that header length can
| only be modified through Rust-unsafe code. This ensures that users
| cannot trigger out-of-bounds memory access from Rust-safe code.

https://rustsec.org/advisories/RUSTSEC-2024-0002.html
https://github.com/advisories/GHSA-875g-mfp6-g7f9
https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167 (v0.12.1)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-50711
    https://www.cve.org/CVERecord?id=CVE-2023-50711

Please adjust the affected versions in the BTS as needed.
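The advisory above describes a deserializer that trusts a length field in a fixed header without confirming it matches the flexible array that was actually deserialized. The following is an added, self-contained Rust model of that bug class and of the shape of the fix (a length-equality check that aborts deserialization on mismatch). It is not code from vmm-sys-util, the Debian package, or the linked commit: the types `FamModel` and `DeserError`, the functions, and the simple little-endian wire format are all hypothetical constructions for illustration only.

```rust
// Added illustrative model of the bug class in CVE-2023-50711. It does NOT use
// vmm-sys-util's real types or API; every name and the wire format below are
// hypothetical and constructed for this example.
//
// A "FAM struct" is a fixed header carrying a length field followed by a
// flexible array of entries. If a deserializer accepts a header whose length
// disagrees with the number of entries actually present, later accessors that
// index by the header's length can read past the real array.

#[derive(Debug, Clone, PartialEq)]
pub struct FamModel {
    /// Header field: claims how many entries follow.
    pub header_len: u32,
    /// Flexible array payload that was actually deserialized.
    pub entries: Vec<u32>,
}

#[derive(Debug, PartialEq)]
pub enum DeserError {
    Truncated,
    LengthMismatch { header: u32, actual: usize },
}

/// Reads a little-endian u32 at `off`, or None if the buffer is too short.
fn read_u32(buf: &[u8], off: usize) -> Option<u32> {
    let end = off.checked_add(4)?;
    let bytes = buf.get(off..end)?;
    Some(u32::from_le_bytes([bytes[0], bytes[1], bytes[2], bytes[3]]))
}

/// Parses the constructed wire format:
///   header_len: u32 LE | entry_count: u32 LE | entries: entry_count * u32 LE
/// The header length and the array length travel separately, mirroring a
/// serialized header plus a serialized Vec; that is what makes a mismatch
/// possible. This function performs no consistency check (the pre-fix shape).
pub fn parse_raw(buf: &[u8]) -> Result<FamModel, DeserError> {
    let header_len = read_u32(buf, 0).ok_or(DeserError::Truncated)?;
    let count = read_u32(buf, 4).ok_or(DeserError::Truncated)? as usize;
    let mut entries = Vec::with_capacity(count);
    for i in 0..count {
        entries.push(read_u32(buf, 8 + 4 * i).ok_or(DeserError::Truncated)?);
    }
    Ok(FamModel { header_len, entries })
}

/// Hardened deserialize: the header's length must equal the number of entries
/// actually present, otherwise deserialization is rejected. This is the shape
/// of the check the advisory says was added in 0.12.0.
pub fn deserialize_checked(buf: &[u8]) -> Result<FamModel, DeserError> {
    let fam = parse_raw(buf)?;
    if fam.header_len as usize != fam.entries.len() {
        return Err(DeserError::LengthMismatch {
            header: fam.header_len,
            actual: fam.entries.len(),
        });
    }
    Ok(fam)
}

/// A consumer that iterates by the header's length, as code downstream of the
/// deserializer might. Returns None if the header overstates the array; with a
/// checked deserializer that branch is unreachable.
pub fn sum_by_header_len(fam: &FamModel) -> Option<u64> {
    let mut total = 0u64;
    for i in 0..fam.header_len as usize {
        total += u64::from(*fam.entries.get(i)?);
    }
    Some(total)
}

/// Builds a constructed sample buffer, allowing the two lengths to disagree.
pub fn encode(header_len: u32, entries: &[u32]) -> Vec<u8> {
    let mut out = Vec::new();
    out.extend_from_slice(&header_len.to_le_bytes());
    out.extend_from_slice(&(entries.len() as u32).to_le_bytes());
    for e in entries {
        out.extend_from_slice(&e.to_le_bytes());
    }
    out
}

fn main() {
    let consistent = encode(3, &[10, 20, 30]);
    let inconsistent = encode(8, &[10, 20, 30]); // header claims more than present
    println!("{:?}", deserialize_checked(&consistent));
    println!("{:?}", deserialize_checked(&inconsistent));
}
```

The point to take from the model is where the check lives: validating header length against array length inside the deserializer means every later consumer can rely on the invariant, which is why the advisory also notes that the real crate moved header-length mutation behind unsafe code so safe callers cannot break it afterwards.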