Wind River Support Network

Meet the Support Network

Home CVE Database CVE-2022-3643

CVE-2022-3643

Description

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior.

Priority: --
CVSS v3: 6.5
Component: linux
Publish Date: Dec 7, 2022
Related ID: --
CVSS v2: MEDIUM
Modified Date: Dec 7, 2022

Find out more about CVE-2022-3643 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- --
Wind River Linux 8 Requires LTSS -- -- --
Wind River Linux 9 Requires LTSS -- -- --
Wind River Linux 7 Requires LTSS -- -- --
Wind River Linux LTS 21 Fixed LIN1021-5009
 10.21.20.16 --
Wind River Linux LTS 22 Fixed LIN1022-2966
 10.22.33.4 --
Wind River Linux LTS 18 Fixed LIN1018-10169
 10.18.44.29 --
Wind River Linux LTS 19 Fixed LIN1019-9255
 10.19.45.27 --
Wind River Linux CD release Fixed LINCD-11395
 10.23.5.0 --
Wind River Linux 6 Requires LTSS -- -- --
Wind River Linux LTS 23 Not Vulnerable -- -- --
Wind River Linux LTS 24 Fixed -- 10.23.5.0 --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --
Helix Virtualization Platform Cert Edition
Helix Virtualization Platform Cert Edition Not Vulnerable -- -- --
eLxr
eLxr 12 Not Vulnerable -- -- --
Wind River Studio Cloud Platform

Related Products

Product Name Status Defect Fixed Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube