CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28702 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28702
06 Oct 2021 — PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. ... • http://www.openwall.com/lists/oss-security/2021/10/07/2 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28701 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28701
08 Sep 2021 — Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain... • http://www.openwall.com/lists/oss-security/2021/09/08/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28697 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28697
27 Aug 2021 — grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28698 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28698
27 Aug 2021 — long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starvi... • http://www.openwall.com/lists/oss-security/2021/09/01/2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28699 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28699
27 Aug 2021 — inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame n... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-28700 – Gentoo Linux Security Advisory 202208-23
https://notcve.org/view.php?id=CVE-2021-28700
27 Aug 2021 — xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. xen/arm: No se presenta un límite de memoria para dom0less domUs. La funcionalidad dom0less permite a un administrador crear múltiples dominios no privilegiado directamente desde Xen. Desafortunadamente, el límite de me... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28693 – Gentoo Linux Security Advisory 202107-30
https://notcve.org/view.php?id=CVE-2021-28693
30 Jun 2021 — xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm. xen/arm: Los módulos de arranque no se limpian. El cargador de arranque cargará los módulos de arranque (por ejemplo, kernel, initram... • https://security.gentoo.org/glsa/202107-30 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28690 – Debian Security Advisory 4931-1
https://notcve.org/view.php?id=CVE-2021-28690
28 Jun 2021 — x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. x86: Las protecciones TSX Async Abort no son restauradas después de S3. Este problema está relacionado con una vulnerabilidad de seguridad... • https://security.gentoo.org/glsa/202107-30 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28692 – Debian Security Advisory 4931-1
https://notcve.org/view.php?id=CVE-2021-28692
28 Jun 2021 — inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to fail overly-slow commands. The course of action upon a perceived timeout actually being det... • https://security.gentoo.org/glsa/202107-30 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-28687 – Gentoo Linux Security Advisory 202107-30
https://notcve.org/view.php?id=CVE-2021-28687
11 Jun 2021 — HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the stru... • https://security.gentoo.org/glsa/202107-30 • CWE-909: Missing Initialization of Resource •