Lin Liu

Researcher fromCitrix
#27775of 53,635
9.1Total CVSS
Vulnerabilities · 2
Low
1
Medium
1
PT-2024-11834
5.5
2022-12-05
Linux · Linux Kernel · CVE-2022-48969
**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel's xen-netfront component is related to resource management errors in the `netfront resume()` function. The issue arises when a NAPI is set up for each network sring to poll data to the kernel. During live migration, the sring with the source host is destroyed before the migration, and a new sring with the target host is set up after the migration. However, the NAPI for the old sring is not deleted until the new sring with the target host is set up after the migration. With `busy poll`/`busy read` enabled, the NAPI can be polled before it is deleted when the VM is resumed, leading to a kernel NULL pointer dereference. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2015-2192
3.6
2015-10-01
Xen · Qemu-Xen · CVE-2015-7311
**Name of the Vulnerable Software and Affected Versions** Xen versions 4.1.x through 4.6.x **Description** The issue arises from the libxl library in Xen not properly handling the readonly flag on disks when using the qemu-xen device model. This allows local guest users to write to a read-only disk image, potentially leading to unauthorized data modification. The vulnerability is due to the lack of restrictions on writing when using qemu-xen devices, enabling a local attacker to write data to a disk intended for read-only access. **Recommendations** For Xen versions 4.1.x through 4.6.x, consider restricting access to the qemu-xen device model until a patch is available to properly enforce the readonly flag on disks. As a temporary workaround, limiting the use of read-only disk images with the qemu-xen device model can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.