CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28703 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28703
07 Dec 2021 — grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing re... • https://security.gentoo.org/glsa/202402-07 •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28704 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28704
24 Nov 2021 — PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28705 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28705
24 Nov 2021 — issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 numbe... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28706 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28706
24 Nov 2021 — guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound. Los huéspedes pueden exceder su límite de memoria designado Cuando a un huésped se le perm... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28707 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28707
24 Nov 2021 — PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28708 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28708
24 Nov 2021 — PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The i... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-28709 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2021-28709
24 Nov 2021 — issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 numbe... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28701 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28701
08 Sep 2021 — Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain... • http://www.openwall.com/lists/oss-security/2021/09/08/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28697 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28697
27 Aug 2021 — grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28698 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28698
27 Aug 2021 — long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starvi... • http://www.openwall.com/lists/oss-security/2021/09/01/2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •