CVE-2021-28038

Published: Mar 5, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.

Affected (12)

Products: Linux: Linux Kernel · Debian: Debian Linux · Netapp: Cloud Backup, Solidfire Baseboard Management Controller Firmware

1 product

1 product

2 products

Solidfire Baseboard Management Controller Firmware

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.39 to 4.4.260
Linux Linux Kernel	From 4.10.0 to 4.14.224
Linux Linux Kernel	From 4.15.0 to 4.19.179
Linux Linux Kernel	From 4.20.0 to 5.4.103
Linux Linux Kernel	From 4.5.0 to 4.9.260
Linux Linux Kernel	From 5.10.0 to 5.10.21
Linux Linux Kernel	From 5.11.0 to 5.11.4
Linux Linux Kernel	Version 5.12 rc1
Linux Linux Kernel	Version 5.12 rc2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Cloud Backup	All versions
Netapp Solidfire Baseboard Management Controller Firmware	All versions

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (12)

http://www.openwall.com/lists/oss-security/2021/03/05/1

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-367.html

Source: cve@mitre.org

PatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

Source: cve@mitre.org

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210409-0001/

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/03/05/1

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-367.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210409-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.