Linux Kernel vdpa Attribute Length Check Vulnerability Leading to Out-of-Bounds Read

Vulnerability

A vulnerability in the Linux kernel's Virtual Data Path Acceleration (vdpa) management has been addressed. The issue arose because the vdpa_nl_policy structure, responsible for validating netlink attributes, lacked a proper length check for the 'max vqp' attribute. This omission could have allowed illegal attributes to be parsed, potentially leading to an out-of-bounds read, similar to the issue described in CVE-2023-3773. The vulnerability affects several versions of the Linux kernel.
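The effect of a missing policy entry can be seen in a small user-space model. This is an added example, not kernel code and not part of the original advisory. Every identifier in it (ATTR_MAX_VQP, policy_before, policy_after, validate) is a hypothetical stand-in, and the sample attributes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of netlink policy validation; every name is hypothetical. */
enum { ATTR_UNSPEC, ATTR_MTU, ATTR_MAX_VQP, ATTR_MAX };
enum { T_UNSPEC = 0, T_U16 };              /* T_UNSPEC: no length rule at all */

struct attr_hdr { uint16_t len, type; };   /* len counts the 4-byte header too */
struct policy { uint8_t type; };

/* Before the fix: no ATTR_MAX_VQP entry, so it defaults to T_UNSPEC. */
static const struct policy policy_before[ATTR_MAX] = { [ATTR_MTU] = { T_U16 } };
/* After the fix: ATTR_MAX_VQP must carry at least a u16 payload. */
static const struct policy policy_after[ATTR_MAX] = {
    [ATTR_MTU] = { T_U16 }, [ATTR_MAX_VQP] = { T_U16 },
};

/* Constructed samples: a header-only attribute and a well-formed one. */
static const struct attr_hdr short_vqp = { 4, ATTR_MAX_VQP };
static const struct { struct attr_hdr h; uint16_t val, pad; } good_vqp =
    { { 6, ATTR_MAX_VQP }, 8, 0 };

/* Returns 0 if every attribute in buf satisfies pol, -1 otherwise. */
int validate(const void *buf, size_t buflen, const struct policy *pol)
{
    const uint8_t *p = buf;
    size_t off = 0;
    while (off + sizeof(struct attr_hdr) <= buflen) {
        struct attr_hdr h;
        memcpy(&h, p + off, sizeof h);
        if (h.len < sizeof h || h.len > buflen - off)
            return -1;                           /* broken framing */
        size_t payload = h.len - sizeof h;
        if (h.type < ATTR_MAX && pol[h.type].type == T_U16 &&
            payload < sizeof(uint16_t))
            return -1;                           /* policy length check */
        off += (h.len + 3u) & ~(size_t)3;        /* 4-byte alignment */
    }
    return 0;
}

int main(void)
{
    /* Accepted (0) without the policy entry: a later u16 read of the
       payload would run 2 bytes past the attribute. Rejected (-1) with it. */
    printf("before=%d after=%d\n",
           validate(&short_vqp, sizeof short_vqp, policy_before),
           validate(&short_vqp, sizeof short_vqp, policy_after));
    return 0;
}
```

A well-formed attribute passes under both policies, so adding the entry only rejects input that was already invalid.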

Impact

The vulnerability could be exploited to cause an out-of-bounds read, which may lead to information disclosure or memory corruption.

Reproduction

The vulnerability can be reproduced by sending a netlink message that includes the 'max vqp' attribute. Because vdpa_nl_policy does not validate the length of that attribute, an invalid attribute is accepted and parsed, causing an out-of-bounds read.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Oct 4, 2025, 6:58 PM
Updated: Oct 4, 2025, 6:58 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.