SB20241230116 - Out-of-bounds read in Linux kernel vfio pci driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2024-53214)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695
• https://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207
• https://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507
• https://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4
• https://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485
• https://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91
• https://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699
• https://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a
• https://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.325
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.174
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.287
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64