{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T19:37:03.732","vulnerabilities":[{"cve":{"id":"CVE-2022-23523","sourceIdentifier":"security-advisories@github.com","published":"2022-12-13T08:15:10.140","lastModified":"2024-11-21T06:48:44.670","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file."},{"lang":"es","value":"En versiones anteriores a la 0.8.1, la caja del cargador de Linux utiliza las compensaciones y los tamaños proporcionados en los encabezados ELF para determinar las compensaciones para leer. Si esas compensaciones apuntan más allá del final del archivo, esto podría llevar a que los monitores de máquinas virtuales utilicen la caja `linux-loader` entrando en un bucle infinito si el encabezado ELF del kernel que están cargando se modificó de manera maliciosa. Este problema se ha solucionado en 0.8.1. El problema se puede mitigar asegurándose de que solo se carguen imágenes confiables del kernel o verificando que los encabezados no apunten más allá del final del archivo."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linux-loader_project:linux-loader:*:*:*:*:*:rust:*:*","versionEndExcluding":"0.8.1","matchCriteriaId":"A355AAE5-D5A1-42D6-B6DC-C5835FAEE011"}]}]}],"references":[{"url":"https://github.com/rust-vmm/linux-loader/pull/125","source":"security-advisories@github.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6","source":"security-advisories@github.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/rust-vmm/linux-loader/pull/125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/rust-vmm/linux-loader/security/advisories/GHSA-52h2-m2cf-9jh6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}}]}