Lucene search

K

Veracode Vulnerability DatabaseVERACODE:40504

HistoryMay 14, 2023 - 4:16 a.m.

NULL Pointer Dereference

2023-05-1404:16:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

null pointer dereference

vulnerability

hypervisor routines

shadow page handling

guest control

pci device

EPSS

0

Percentile

14.7%

xen is vulnerable to NULL Pointer Dereference. The vulnerability occurs due to improper check in one of the hypervisor routines used for shadow page handling. This could allow a guest with a PCI device to pass through to cause the hypervisor to access an arbitrary pointer partially under guest control.

References

www.openwall.com/lists/oss-security/2023/04/25/1

xenbits.xen.org/xsa/advisory-430.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PSPFWSY6UOPGMADQGOGN2PAAS5LJRPTG/

lists.fedoraproject.org/archives/list/[email protected]/message/PSPFWSY6UOPGMADQGOGN2PAAS5LJRPTG/

secdb.alpinelinux.org/edge/main.yaml

secdb.alpinelinux.org/v3.18/main.yaml

security.gentoo.org/glsa/202402-07

xenbits.xenproject.org/xsa/advisory-430.txt

EPSS

0

Percentile

14.7%

Related for VERACODE:40504

osv2 prion1 ubuntucve1 xen1 cve1 openvas1 nvd1 debiancve1 nessus3 cvelist1 fedora1 gentoo1