Re: CVE-2022-48900: xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

From: Juergen Gross
Date: Thu Aug 22 2024 - 01:46:21 EST


Please revoke this CVE, as CVE-2022-23042 has been allocated for this issue
2 years ago already.

This is even clearly visible ...

On 22.08.24 05:31, Greg Kroah-Hartman wrote:
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

When calling gnttab_end_foreign_access_ref() the returned value must
be tested and the reaction to that value should be appropriate.

In case of failure in xennet_get_responses() the reaction should not be
to crash the system, but to disable the network device.

The calls in setup_netfront() can be replaced by calls of
gnttab_end_foreign_access(). While at it avoid double free of ring
pages and grant references via xennet_disconnect_backend() in this case.

This is CVE-2022-23042 / part of XSA-396.

... here.


Juergen

Attachment: OpenPGP_0xB0DE9DD628BF132F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature