cnvd - cnvd-2021-37766

cnvd-2021-37766

Vulnerability from cnvd

Title: Citrix Hypervisor拒绝服务漏洞

Description:

Citrix Systems Hypervisor是美国思杰系统（Citrix Systems）公司的一个应用程序。用于简化操作管理，确保为密集型工作负载提供高清用户体验。

Citrix Hypervisor 存在安全漏洞，攻击者可利用该漏洞在主机系统上触发拒绝服务。

Severity: 低

Patch Name: Citrix Hypervisor拒绝服务漏洞的补丁

Patch Description:

Citrix Systems Hypervisor是美国思杰系统（Citrix Systems）公司的一个应用程序。用于简化操作管理，确保为密集型工作负载提供高清用户体验。

Citrix Hypervisor 存在安全漏洞，攻击者可利用该漏洞在主机系统上触发拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.citrix.com/article/CTX306565

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-28688

Impacted products

Name
Citrix Systems Citrix Hypervisor

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-28688"
    }
  },
  "description": "Citrix Systems Hypervisor\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u4e8e\u7b80\u5316\u64cd\u4f5c\u7ba1\u7406\uff0c\u786e\u4fdd\u4e3a\u5bc6\u96c6\u578b\u5de5\u4f5c\u8d1f\u8f7d\u63d0\u4f9b\u9ad8\u6e05\u7528\u6237\u4f53\u9a8c\u3002\n\nCitrix Hypervisor \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.citrix.com/article/CTX306565",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-37766",
  "openTime": "2021-05-28",
  "patchDescription": "Citrix Systems Hypervisor\u662f\u7f8e\u56fd\u601d\u6770\u7cfb\u7edf\uff08Citrix Systems\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u7a0b\u5e8f\u3002\u7528\u4e8e\u7b80\u5316\u64cd\u4f5c\u7ba1\u7406\uff0c\u786e\u4fdd\u4e3a\u5bc6\u96c6\u578b\u5de5\u4f5c\u8d1f\u8f7d\u63d0\u4f9b\u9ad8\u6e05\u7528\u6237\u4f53\u9a8c\u3002\r\n\r\nCitrix Hypervisor \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e3b\u673a\u7cfb\u7edf\u4e0a\u89e6\u53d1\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Citrix Hypervisor\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Citrix Systems Citrix Hypervisor"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-28688",
  "serverity": "\u4f4e",
  "submitTime": "2021-04-06",
  "title": "Citrix Hypervisor\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2021-28688 (GCVE-0-2021-28688)

Vulnerability from cvelistv5

Published

2021-04-06 18:07

Modified

2024-08-03 21:47

Severity ?

CWE

unknown

Summary

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.

References

▼	URL	Tags
	https://xenbits.xenproject.org/xsa/advisory-371.txt	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html	mailing-list, x_refsource_MLIST

Impacted products

Vendor

Product

Version

▼

Linux

Version: 3.11 < unspecified
Patch: next of 4.3

Linux	Linux	Version: 5.11.1
Linux	Linux	Version: 5.12-rc
Linux	Linux	Version: 5.10.18
Linux	Linux	Patch: next of 5.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:47:33.121Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.12",
              "status": "unknown",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "3.11",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unaffected",
              "version": "next of 4.3",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11.1"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12-rc"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10.18"
            }
          ]
        },
        {
          "product": "Linux",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.12",
              "status": "unknown",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unknown",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "unaffected",
              "version": "next of 5.9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "{\u0027credit_data\u0027: {\u0027description\u0027: {\u0027description_data\u0027: [{\u0027lang\u0027: \u0027eng\u0027, \u0027value\u0027: \u0027This issue was discovered by Nicolai Stange of SUSE.\u0027}]}}}"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn\u0027t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "description": {
                "description_data": [
                  {
                    "lang": "eng",
                    "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver.  This can result in a host-wide\nDenial of Sevice (DoS)."
                  }
                ]
              }
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unknown",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-23T01:08:09",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@xen.org",
          "ID": "CVE-2021-28688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003c",
                            "version_value": "4.12"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "3.11"
                          },
                          {
                            "version_affected": "!\u003e",
                            "version_value": "4.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.11.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.12-rc"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.10.18"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Linux",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "?\u003c",
                            "version_value": "4.12"
                          },
                          {
                            "version_affected": "?\u003e=",
                            "version_value": "4.4"
                          },
                          {
                            "version_affected": "!\u003e",
                            "version_value": "5.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "configuration": {
          "configuration_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."
                }
              ]
            }
          }
        },
        "credit": {
          "credit_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This issue was discovered by Nicolai Stange of SUSE."
                }
              ]
            }
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn\u0027t use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."
            }
          ]
        },
        "impact": {
          "impact_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver.  This can result in a host-wide\nDenial of Sevice (DoS)."
                }
              ]
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unknown"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xenproject.org/xsa/advisory-371.txt",
              "refsource": "MISC",
              "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            }
          ]
        },
        "workaround": {
          "workaround_data": {
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver."
                }
              ]
            }
          }
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2021-28688",
    "datePublished": "2021-04-06T18:07:41",
    "dateReserved": "2021-03-18T00:00:00",
    "dateUpdated": "2024-08-03T21:47:33.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted