cancel
Showing results for 
Search instead for 
Did you mean: 
SamPirok
Community Manager Community Manager
Community Manager

Summary

A flaw was found in the Linux kernel's RxRPC networking subsystem. When a non-linear socket buffer carrying a splice-pinned page-cache reference reaches the RxRPC authentication verification path, the kernel performs an in-place pcbc(fcrypt) decryption directly on the referenced page-cache page without first isolating the buffer with skb_copy(). An unprivileged local attacker can exploit this behavior to corrupt the page-cache contents of readable files, including sensitive system files such as /etc/passwd, and obtain root privileges. Unlike the ESP/XFRM variant, exploitation does not require unprivileged user or network namespaces, but depends on the RxRPC protocol stack (rxrpc.ko) being available on the target system.

Products not listed in the Impact Details section have not been evaluated.  Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published.  Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question

 

Products Potentially Affected

 

OS/Product

Exposure

TPVM (EXOS, VOSS)

Yes

TPVM (SLX-OS, OS ONE)

Yes

 

Repair Recommendations

  • TPVM (EXOS, VOSS):
    • Fixed in 32.7.4.15 or later.
  • TPVM (SLX-OS, OS ONE):
    • Fixed in 4.7.17 or later.

Please see the full security advisory here for more details and future updates. 

GTM-P2G8KFN