QID 357101

Date Published: 2024-02-07

QID 357101: Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2024-048

A flaw has been found in Xen. An unprivileged guest can cause denial of service (DoS) of the host by sending network packets to the backend, causing the backend to crash. (CVE-2023-46838)

An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: reject tables of unsupported family). While creating a new netfilter table, the lack of a safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. (CVE-2023-6040)

A null pointer dereference problem was found in ida_free in lib/idr.c in the Linux kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. (CVE-2023-6915)

An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB client sub-component in the Linux kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. (CVE-2024-0565)

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() (CVE-2024-0607)

An out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls the function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2024-0646)

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as Medium - 5.4 severity.

Solution
Please refer to Amazon advisory: ALAS2KERNEL-5.10-2024-048 for affected packages and patching details, or update with your package manager.

Vendor References
Software Advisories
Advisory ID Software Component Link
ALAS2KERNEL-5.10-2024-048 amazon linux 2 alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-048.html