CVE-2021-26930

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 17-02-2021 02:15

Last modified: - 26-10-2022 01:44

Total changes: - 10

Description

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

Reference

http://xenbits.xen.org/xsa/advisory-365.html
FEDORA-2021-8d45d297c6-Mailing List, Patch, Third Party Advisory
FEDORA-2021-7143aca8cb-Mailing List, Patch, Third Party Advisory
[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update-Mailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20210326-0001/
[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update-Mailing List, Third Party Advisory

Keywords

CVE-2021-26930

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-26930

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures