The update addresses a security issue in the Linux kernel of XCP-ng’s control domain. This issue allowed a guest with limited privileges to send special network packets that could crash the network system in XCP-ng. While the crash only occurred in specific situations, several users reported the issue and it was discovered that others in the community were experiencing similar problems. This led to collaboration within the community to investigate and resolve the issue.
The vulnerability that was fixed is known as XSA-448 and is identified as CVE-2023-46838. This vulnerability allowed an unprivileged guest to launch a Denial of Service (DoS) attack on the host system by sending certain network packets to the backend, causing it to crash. This vulnerability was particularly observed when using pfSense with WireGuard, resulting in random crashes of the host system.