CVE-2023-46838

Name
CVE-2023-46838
Description
Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security@xen.org https://xenbits.xenproject.org/xsa/advisory-448.html
security@xen.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ/
security@xen.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/
Mailing List https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
Mailing List https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
af854a3a-2127-422b-91ae-364da2661108 http://xenbits.xen.org/xsa/advisory-448.html

Match rules

CPE URI Source package Min version Max version
linux == consult Xen advisory XSA-448 == consult Xen advisory XSA-448

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
linux-lts 3.18-main 6.1.74-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
linux-lts 3.17-main 5.15.147-r1 Natanael Copa <ncopa@alpinelinux.org> fixed