Описание
[REJECTED CVE] A vulnerability was identified in the Linux kernel’s xen-blkfront driver, where failing to fully initialize a virtual block device (VBD) before detaching it could lead to a NULL pointer dereference due to gendisk being NULL. An attacker with control over a guest VM could exploit this by attaching an invalid or non-existent backend device and then detaching it, triggering a kernel crash or denial of service in the host through a NULL dereference during cleanup in blkfront_closing().
Отчет
This CVE has been rejected upstream: https://lore.kernel.org/linux-cve-announce/2025022602-REJECTED-aafa@gregkh/
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Показывать по
Дополнительная информация
Статус:
5.5 Medium
CVSS3
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5 Medium
CVSS3