[XSA-457] Linux/xen-netfront: Memory leak due to missing cleanup function
Affected Packages
1
CVEs
1
ISSUE DESCRIPTION
In netfront, xennet_alloc_one_rx_buffer() failed to call the
appropriate clean-up function, resulting in a memory leak.
IMPACT
A malicious guest userspace process can exhaust memory resources
within the guest kernel, potentially leading to a guest crash (Denial
of Service). It is not known whether it can be triggered remotely.
VULNERABLE SYSTEMS
Systems with guests running Linux 5.9 and later with Xen PV network
devices are affected.
| Package | Affected Version |
|---|---|
 pkg:generic/xen
|
= 5.9 |
- ID
- XSA-457
- URL
- http://xenbits.xen.org/xsa/advisory-457.html
- Published
-
2024-05-07T17:11:00
(12 days ago) - Modified
-
2024-05-07T17:11:00
(12 days ago) - Rights
- Xen Project
| Source | # ID | Name | URL |
|---|---|---|---|
| Xen Project | XSA-457 | Security Advisory |
|
| Xen Project | XSA-457 | Signed Security Advisory |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:generic/xen | xen | = 5.9 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |