{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2023-46838","assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","state":"PUBLISHED","assignerShortName":"XEN","dateReserved":"2023-10-27T07:55:35.332Z","datePublished":"2024-01-29T10:18:48.418Z","dateUpdated":"2025-11-04T18:18:51.507Z"},"containers":{"cna":{"title":"Linux: netback processing of zero-length transmit fragment","datePublic":"2024-01-22T18:30:00.000Z","descriptions":[{"lang":"en","value":"Transmit requests in Xen's virtual network protocol can consist of\nmultiple parts.  While not really useful, except for the initial part\nany of them may be of zero length, i.e. carry no data at all.  Besides a\ncertain initial portion of the to be transferred data, these parts are\ndirectly translated into what Linux calls SKB fragments.  Such converted\nrequest parts can, when for a particular SKB they are all of length\nzero, lead to a de-reference of NULL in core networking code."}],"impacts":[{"descriptions":[{"lang":"en","value":"An unprivileged guest can cause Denial of Service (DoS) of the host by\nsending network packets to the backend, causing the backend to crash.\n\nData corruption or privilege escalation have not been ruled out."}]}],"affected":[{"defaultStatus":"unknown","product":"Linux","vendor":"Linux","versions":[{"status":"unknown","version":"consult Xen advisory XSA-448"}]}],"configurations":[{"lang":"en","value":"All systems using a Linux based network backend with kernel 4.14 and\nnewer are vulnerable.  Earlier versions may also be vulnerable.  Systems\nusing other network backends are not known to be vulnerable."}],"workarounds":[{"lang":"en","value":"Using a userspace PV network backend (e.g. the qemu based \"qnic\" backend)\nwill mitigate the problem.\n\nUsing a dedicated network driver domain per guest will mitigate the\nproblem."}],"credits":[{"lang":"en","type":"finder","value":"This issue was discovered by Pratyush Yadav of Amazon."}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-448.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ/"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"}],"providerMetadata":{"orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN","dateUpdated":"2024-06-27T12:06:46.609Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-448.html","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFYW6R64GPLUOXSQBJI3JBUX3HGLAYPP/","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ/","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]},{"url":"http://xenbits.xen.org/xsa/advisory-448.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T18:18:51.507Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"CWE-476 NULL Pointer Dereference"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-06-02T19:06:43.742416Z","id":"CVE-2023-46838","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-02T19:07:44.512Z"}}]},"dataVersion":"5.2"}