Linux · Linux Kernel · CVE-2022-49649
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to the version that includes the fix for the issue in xen/netback
**Description**
The issue arises in the Linux kernel when the `xenvif_rx_next_skb()` function is called with an empty rx queue. This can occur if the loop in `xenvif_rx_action()` performs multiple iterations without checking the availability of another skb in the rx queue, leading to crashes due to a NULL pointer dereference. The problem is resolved by stopping the loop when the rx queue becomes empty.
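The loop condition described above, as a simplified user-space model added here for illustration; it is not the kernel's code or the upstream patch. The names `pkt`, `rxq`, `rxq_dequeue`, `rx_action` and `simulate`, and the `ring_slots` counter standing in for the loop's other exit condition, are assumptions made for the model.

```c
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not a kernel symbol. */
struct pkt { struct pkt *next; };
struct rxq { struct pkt *head; int ring_slots; };

/* Pop the head packet; returns NULL when the queue is empty. */
static struct pkt *rxq_dequeue(struct rxq *q)
{
    struct pkt *p = q->head;
    if (p)
        q->head = p->next;
    return p;
}

/* Returns how many iterations got a NULL packet, i.e. how often code that
 * uses the packet unconditionally would dereference NULL. check_empty=0
 * models the loop without the emptiness test, check_empty=1 the loop with it. */
static int rx_action(struct rxq *q, int check_empty, int *processed)
{
    int null_hits = 0;
    *processed = 0;
    while (q->ring_slots > 0 && (!check_empty || q->head != NULL)) {
        if (rxq_dequeue(q) == NULL)
            null_hits++;            /* the real code would crash here */
        else
            (*processed)++;
        q->ring_slots--;
    }
    return null_hits;
}

/* Constructed scenario: npkts (at most 8) queued packets, slots ring slots. */
static int simulate(int npkts, int slots, int check_empty, int *processed)
{
    struct pkt pkts[8];
    struct rxq q = { NULL, slots };
    for (int i = npkts - 1; i >= 0; i--) {
        pkts[i].next = q.head;
        q.head = &pkts[i];
    }
    return rx_action(&q, check_empty, processed);
}

int main(void)
{
    int done;
    printf("no check:   %d NULL dequeues\n", simulate(2, 4, 0, &done));
    printf("with check: %d NULL dequeues\n", simulate(2, 4, 1, &done));
}
```

With two queued packets and four free slots, the unchecked loop keeps iterating after the queue drains, while the checked loop processes the same two packets and stops.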
**Recommendations**
For Linux kernel versions prior to the fixed version, consider applying the patch that stops the loop in `xenvif_rx_action()` when the rx queue is empty to prevent crashes.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.