CVE-2021-28688
Vulnerability from cvelistv5
Published
2021-04-06 18:07
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@xen.org | https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Third Party Advisory | |
| security@xen.org | https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Third Party Advisory | |
| security@xen.org | https://xenbits.xenproject.org/xsa/advisory-371.txt | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://xenbits.xenproject.org/xsa/advisory-371.txt | Patch, Third Party Advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:33.121Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://xenbits.xenproject.org/xsa/advisory-371.txt", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Linux", vendor: "Linux", versions: [ { lessThan: "4.12", status: "unknown", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "3.11", versionType: "custom", }, { lessThan: "unspecified", status: "unaffected", version: "next of 4.3", versionType: "custom", }, ], }, { product: "Linux", vendor: "Linux", versions: [ { status: "affected", version: "5.11.1", }, ], }, { product: "Linux", vendor: "Linux", versions: [ { status: "affected", version: "5.12-rc", }, ], }, { product: "Linux", vendor: "Linux", versions: [ { status: "affected", version: "5.10.18", }, ], }, { product: "Linux", vendor: "Linux", versions: [ { lessThan: "4.12", status: "unknown", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "unknown", version: "4.4", versionType: "custom", }, { lessThan: "unspecified", status: "unaffected", version: "next of 5.9", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Nicolai Stange of SUSE.'}]}}}", }, ], descriptions: [ { lang: "en", value: "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.", }, ], metrics: [ { other: { content: { description: { description_data: [ { lang: "eng", value: "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS).", }, ], }, }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { description: "unknown", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-23T01:08:09", orgId: "23aa2041-22e1-471f-9209-9b7396fa234f", shortName: "XEN", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://xenbits.xenproject.org/xsa/advisory-371.txt", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@xen.org", ID: "CVE-2021-28688", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Linux", version: { version_data: [ { version_affected: "?<", version_value: "4.12", }, { version_affected: ">=", version_value: "3.11", }, { version_affected: "!>", version_value: "4.3", }, ], }, }, { product_name: "Linux", version: { version_data: [ { version_value: "5.11.1", }, ], }, }, { product_name: "Linux", version: { version_data: [ { version_value: "5.12-rc", }, ], }, }, { product_name: "Linux", version: { version_data: [ { version_value: "5.10.18", }, ], }, }, { product_name: "Linux", version: { version_data: [ { version_affected: "?<", version_value: "4.12", }, { version_affected: "?>=", version_value: "4.4", }, { version_affected: "!>", version_value: "5.9", }, ], }, }, ], }, vendor_name: "Linux", }, ], }, }, configuration: { configuration_data: { description: { description_data: [ { lang: "eng", value: "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11.", }, ], }, }, }, credit: { credit_data: { description: { description_data: [ { lang: "eng", value: "This issue was discovered by Nicolai Stange of SUSE.", }, ], }, }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.", }, ], }, impact: { impact_data: { description: { description_data: [ { lang: "eng", value: "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS).", }, ], }, }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "unknown", }, ], }, ], }, references: { reference_data: [ { name: "https://xenbits.xenproject.org/xsa/advisory-371.txt", refsource: "MISC", url: "https://xenbits.xenproject.org/xsa/advisory-371.txt", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, ], }, workaround: { workaround_data: { description: { description_data: [ { lang: "eng", value: "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver.", }, ], }, }, }, }, }, }, cveMetadata: { assignerOrgId: "23aa2041-22e1-471f-9209-9b7396fa234f", assignerShortName: "XEN", cveId: "CVE-2021-28688", datePublished: "2021-04-06T18:07:41", dateReserved: "2021-03-18T00:00:00", dateUpdated: "2024-08-03T21:47:33.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2021-28688\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2021-04-06T19:15:14.863\",\"lastModified\":\"2024-11-21T06:00:08.800\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.\"},{\"lang\":\"es\",\"value\":\"La solución para XSA-365 incluye la inicialización de punteros de modo que el código de limpieza posterior no utilice valores no inicializados o obsoletos. Esta inicialización fue demasiado lejos y, en determinadas condiciones, también puede sobrescribir los punteros que están requiriendo una limpieza. La falta de limpieza resultaría en fugas de subsidios persistentes. A su vez, la filtración impediría a una limpieza completa después de que un invitado respectivo haya terminado, dejando dominios zombies. Todas las versiones de Linux que presentan la corrección para XSA-365 aplicada son vulnerables. XSA-365 se clasificó para afectar a las versiones de al menos 3.11\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-665\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.11\",\"versionEndIncluding\":\"5.10.18\",\"matchCriteriaId\":\"C9F05E8C-CEFC-4C34-9B1F-E9D1E8DC098B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\",\"source\":\"security@xen.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\",\"source\":\"security@xen.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-371.txt\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-371.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.