A buffer overflow flaw was found, in versions from 2.6.34...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Feb 10, 2023
Description
Published by the National Vulnerability Database
Sep 17, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Feb 10, 2023
A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.
References