Re: CVE-2023-53502: xen/netback: Fix buffer overrun triggered by unusual packet
From: Greg KH
Date: Wed Oct 01 2025 - 09:08:09 EST
On Wed, Oct 01, 2025 at 02:05:47PM +0200, Juergen Gross wrote:
> On 01.10.25 13:45, Greg Kroah-Hartman wrote:
> > From: Greg Kroah-Hartman <gregkh@xxxxxxxxxx>
> >
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > xen/netback: Fix buffer overrun triggered by unusual packet
> >
> > It is possible that a guest can send a packet that contains a head + 18
> > slots and yet has a len <= XEN_NETBACK_TX_COPY_LEN. This causes nr_slots
> > to underflow in xenvif_get_requests() which then causes the subsequent
> > loop's termination condition to be wrong, causing a buffer overrun of
> > queue->tx_map_ops.
> >
> > Rework the code to account for the extra frag_overflow slots.
> >
> > This is CVE-2023-34319 / XSA-432.
> >
> > The Linux kernel CVE team has assigned CVE-2023-53502 to this issue.
>
> As can be seen right above your line "The Linux kernel CVE team ..."
> this issue has been handled by the Xen security team already and a
> CVE is assigned since then.
Ugh, then why doesn't that CVE reference this commit properly? I do
sweep all old CVE assignments when doing this old-rereview. Any chance
you can go and update these CVE entries with the proper git ids?
> Please revoke your CVE assignment.
Will go do so now, thanks for catching this.
greg k-h