Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:29504
HistoryFeb 26, 2021 - 2:11 a.m.

Arbitrary Code Execution

2021-02-2602:11:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14

0.0004 Low

EPSS

Percentile

14.2%

linux is vulnerable to arbitrary code execution. The vulnerabilitye exists as the kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.