
CVE-2022-3643

 

  • Severity Score: 6.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

Guests can trigger NIC interface reset/abort/crash via netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB, and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtreme II BCM5780 (bnx2x), though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating the above-mentioned assumption to the networking core, resulting in said misbehavior.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-10-21 CVE Reserved
  • 2022-12-07 CVE Published
  • 2024-03-13 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Linux | Linux Kernel | >= 3.19 < 4.9.336 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Linux | Linux Kernel | >= 4.10 < 4.14.302 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Linux | Linux Kernel | >= 4.15 < 4.19.269 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Linux | Linux Kernel | >= 4.20 < 5.4.227 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Linux | Linux Kernel | >= 5.5 < 5.10.159 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Linux | Linux Kernel | >= 5.11 < 5.15.83 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Linux | Linux Kernel | >= 5.16 < 6.0.13 | - | Affected
  in Broadcom | Bcm5780 | -- | Safe
Debian | Debian Linux | 10.0 | - | Affected