CVE-2021-28039
 
- Public Exploits: 0
- Exploited in Wild: -
Descriptions
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-05 CVE Reserved
- 2021-03-05 CVE Published
- 2024-03-25 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-131: Incorrect Calculation of Buffer Size
CAPEC
References (4)
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2021/03/05/2 | 2024-03-25 | |
http://xenbits.xen.org/xsa/advisory-369.html | 2024-03-25 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 5.9.0 <= 5.11.3 | x86 | Affected |
Xen | Xen | - | - | Affected |
Netapp | Cloud Backup | - | - | Affected |
Netapp | Solidfire Baseboard Management Controller Firmware | - | - | Affected |