PT-2024-1299 · Xen+6

Pratyush Yadav · Published 2024-01-08 · Updated 2025-06-02 · CVE-2023-46838

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified)
Description: Transmit requests in Xen's virtual network protocol can consist of multiple parts. When all parts of a particular request are of zero length, core networking code can dereference a NULL pointer, which can cause a denial of service. The issue is associated with the xenvif_get_requests() function in drivers/net/xen-netback/netback.c.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2024-10855
ALT-PU-2024-17576
ALT-PU-2024-1867
AZL-34016
AZL-34863
BDU:2024-00738
CVE-2023-46838
DLA-3840-1
DLA-3841-1
MGASA-2024-0032
MGASA-2024-0033
OESA-2024-1175
OESA-2024-1176
OESA-2024-1177
OESA-2024-1178
OESA-2024-1179
OESA-2024-1180
OPENSUSE-SU-2024_0469-1
OPENSUSE-SU-2024_0515-1
SUSE-SU-2024:0463-1
SUSE-SU-2024:0468-1
SUSE-SU-2024:0469-1
SUSE-SU-2024:0474-1
SUSE-SU-2024:0476-1
SUSE-SU-2024:0478-1
SUSE-SU-2024:0483-1
SUSE-SU-2024:0484-1
SUSE-SU-2024:0514-1
SUSE-SU-2024:0515-1
SUSE-SU-2024:0516-1
USN-6688-1
USN-6701-1
USN-6701-2
USN-6701-3
USN-6701-4
USN-6724-1
USN-6724-2
USN-6725-1
USN-6725-2
USN-6726-1
USN-6726-2
USN-6726-3

Affected Products

Alt Linux
Astra Linux
Linuxmint
Red Os
Suse
Ubuntu
Xen