"value":"Systems using Linux version 5.5 or newer are vulnerable."
}
]
}
}
},
"credit":{
"credit_data":{
"description":{
"description_data":[
{
"lang":"eng",
"value":"This issue was discovered by Michael Brown of iPXE and diagnosed by\nOlivier Benjamin, Michael Kurth and Martin Mazein of AWS."
}
]
}
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
{
"lang":"eng",
"value":"Guest triggered use-after-free in Linux xen-netback\n\nA malicious or buggy network PV frontend can force Linux netback to\ndisable the interface and terminate the receive kernel thread\nassociated with queue 0 in response to the frontend sending a\nmalformed packet.\n\nSuch kernel thread termination will lead to a use-after-free in Linux\nnetback when the backend is destroyed, as the kernel thread associated\nwith queue 0 will have already exited and thus the call to\nkthread_stop will be performed against a stale pointer."
}
]
},
"impact":{
"impact_data":{
"description":{
"description_data":[
{
"lang":"eng",
"value":"A malicious or buggy frontend driver can trigger a dom0 crash.\nPrivilege escalation and information leaks cannot be ruled out."
"value":"On x86 running only HVM guests with emulated network cards will avoid the\nissue. There's however no option in the upstream toolstack to offer only\nemulated network cards to guests."
