CVE-2021-28039

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-03-2021 07:15

Last modified: - 20-05-2022 10:47

Total changes: - 4

Description

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Changed

Scope

None

User interaction

6.5

Base score

2.0

4.0

Exploitability score

Impact score

Verification logic

vendor=netapp AND product=cloud_backup AND version=-

vendor=netapp AND product=solidfire_baseboard_management_controller_firmware AND version=-

Reference

http://xenbits.xen.org/xsa/advisory-369.html
[oss-security] 20210305 Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special config may crash when trying to map foreign pages-Mailing List, Patch, Third Party Advisory
https://security.netapp.com/advisory/ntap-20210409-0001/

Keywords

CVE-2021-28039

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-28039

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures