CVE-2023-46838

Updated: 2024-02-15 19:55:21.804164

Description:

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 7.5 HIGH In Testing 2024-02-28 08:40:04
AlmaLinux 9.2 FIPS kernel 5.14.0 7.5 HIGH In Testing 2024-02-28 08:40:04
CentOS 8.4 ELS kernel 4.18.0 7.5 HIGH Not Vulnerable 2024-02-03 20:44:33
CentOS 8.5 ELS kernel 4.18.0 7.5 HIGH Not Vulnerable 2024-02-07 10:08:25
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.5 HIGH Released CLSA-2024:1708095092 2024-02-16 10:08:49
Ubuntu 16.04 ELS linux 4.4.0 7.5 HIGH Released CLSA-2024:1708094049 2024-02-17 10:08:15
Ubuntu 18.04 ELS linux 4.15.0 7.5 HIGH Released CLSA-2024:1708171036 2024-02-17 08:26:01