← Back

CVE-2021-28039

nvd nist
Published: Mar 5, 2021Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 / Impact: 4.0
Source: NVD

Description

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.

Affected (4)

Linux
1 product
Linux Kernel
Xen
1 product
Xen
Netapp
2 products
Cloud Backup
Solidfire Baseboard Management Controller Firmware
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Linux Kernel
From 5.9.0 to 5.11.3
Xen
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Backup
All versions
Solidfire Baseboard Management Controller Firmware
All versions

Related CWEs

CWE-131
Incorrect Calculation of Buffer Size
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References (8)

Source: cve@mitre.org
Mailing ListPatchThird Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.