CVE-2023-46838

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 29, 2024
Updated: Jun 27, 2024
CWE ID 476

Summary

CVE-2023-46838 is a vulnerability in Xen's virtual network protocol, in which transmit requests can contain zero-length parts. These parts are translated directly into Linux SKB fragments, and when all of them have zero length, core networking code can dereference a NULL pointer. This issue may not be useful on its own, but it can potentially cause denial-of-service or more serious attacks if exploited effectively.
