CVE-2023-46838 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference32 documents8 sources

Severity

7.5HIGHNVD

OSV8.1OSV6.8

EPSS

0.1%

top 67.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora

Timeline

PublishedJan 29

Latest updateApr 17

Description

Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDlinux/linux_kernel4.14 — 4.19.306+6

▶Debianlinux/linux_kernel< 5.10.209-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-176.196+2

Also affects: Debian Linux 10.0, Fedora 38, 39

Patches

Patch: xenbits.xenproject.org ↗Patch: xenbits.xenproject.org ↗

🔴Vulnerability Details

OSV

linux-xilinx-zynqmp vulnerabilities↗2024-04-17

▶

OSV

linux-aws-6.5, linux-raspi vulnerabilities↗2024-04-16

▶

OSV

linux-iot vulnerabilities↗2024-04-16

▶

OSV

linux-aws, linux-aws-5.15 vulnerabilities↗2024-04-16

▶

OSV

linux, linux-aws, linux-azure, linux-azure-6.5, linux-gcp, linux-gcp-6.5, linux-hwe-6.5, linux-laptop, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5, linux-oracle, linux-oracle-6.5, linux-↗2024-04-09

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Xilinx ZynqMP) vulnerabilities↗2024-04-17

▶

Ubuntu

Linux kernel vulnerabilities↗2024-04-16

▶

Ubuntu

Linux kernel (IoT) vulnerabilities↗2024-04-16

▶

Ubuntu

Linux kernel (AWS) vulnerabilities↗2024-04-16

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2024-04-09

▶