Main Vulnerability Database SB2024051049

SB2024051049 - Memory leak in Xen netback

Published: May 10, 2024

Security Bulletin ID SB2024051049

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2024-27393)

The vulnerability allows a malicious guest to perform DoS attack on the target system.

The vulnerability exists due memory leak within the xennet_alloc_one_rx_buffer() function in xen-netback implementation. A malicious guest userspace process can exhaust memory resources within the guest kernel and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://xenbits.xen.org/xsa/advisory-457.html