CVE-2023-46838

CVSS v3.1 7.5 (High)
EPSS 0.05 % (19th)
Affected Products 3
Advisories 29
NVD Status Analyzed

Transmit requests in Xen's virtual network protocol can consist of
multiple parts. While not really useful, except for the initial part
any of them may be of zero length, i.e. carry no data at all. Besides a
certain initial portion of the to be transferred data, these parts are
directly translated into what Linux calls SKB fragments. Such converted
request parts can, when for a particular SKB they are all of length
zero, lead to a de-reference of NULL in core networking code.

Weaknesses: CWE-476 (NULL Pointer Dereference)
CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Xen Project
Published Date: 2024-01-29 11:15:07
Updated Date: 2024-08-27 19:25:43

Affected Products


Configuration #1

  Product       CPE23                         From     Up To
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.14  < 4.19.306
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 4.20  < 5.4.268
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 5.5   < 5.10.209
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 5.11  < 5.15.148
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 5.16  < 6.1.75
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 6.2   < 6.6.14
  Linux Kernel  cpe:2.3:o:linux:linux_kernel  >= 6.7   < 6.7.2

Configuration #2

  Product                  CPE23                             From  Up To
  Fedoraproject Fedora 38  cpe:2.3:o:fedoraproject:fedora:38  -     -
  Fedoraproject Fedora 39  cpe:2.3:o:fedoraproject:fedora:39  -     -

Configuration #3

  Product            CPE23                               From  Up To
  Debian Linux 10.0  cpe:2.3:o:debian:debian_linux:10.0  -     -