Primary

Context

Linux Kernel Xen Netback NULL Pointer Dereference Vulnerability

Vulnerability

Patched

A vulnerability in the Linux kernel's Xen netback component can lead to a NULL pointer dereference, causing a crash. The issue arises in the 'xenvif_rx_next_skb()' function, which expects the receive (rx) queue to contain data. However, if 'xenvif_rx_action()' iterates multiple times without checking the rx queue's status, it can result in a crash by attempting to access an empty queue. This vulnerability has been observed in the 4.12.14-122.121-default version on SUSE Linux Enterprise Server 12 SP5.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Xen Netback NULL Pointer Dereference Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating