cve-2021-28701
Vulnerability from cvelistv5
Published
2021-09-08 13:02
Modified
2024-08-03 21:47
Severity ?
Summary
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
References
security@xen.orghttp://www.openwall.com/lists/oss-security/2021/09/08/2Mailing List, Third Party Advisory
security@xen.orghttp://xenbits.xen.org/xsa/advisory-384.htmlVendor Advisory
security@xen.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/
security@xen.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/
security@xen.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/
security@xen.orghttps://security.gentoo.org/glsa/202208-23Third Party Advisory
security@xen.orghttps://www.debian.org/security/2021/dsa-4977Third Party Advisory
security@xen.orghttps://xenbits.xenproject.org/xsa/advisory-384.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/09/08/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-384.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202208-23Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4977Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://xenbits.xenproject.org/xsa/advisory-384.txtVendor Advisory
Impacted products
Vendor Product Version
Xen xen Version: 4.11.x
Xen xen Version: 4.12.x   < unspecified
Patch: next of 4.14.x
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:47:33.200Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://xenbits.xenproject.org/xsa/advisory-384.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://xenbits.xen.org/xsa/advisory-384.html",
               },
               {
                  name: "[oss-security] 20210908 Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in XENMAPSPACE_grant_table handling",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2021/09/08/2",
               },
               {
                  name: "FEDORA-2021-11577e5229",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/",
               },
               {
                  name: "FEDORA-2021-fed53cbc7d",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/",
               },
               {
                  name: "DSA-4977",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2021/dsa-4977",
               },
               {
                  name: "FEDORA-2021-5a0c7bc619",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/",
               },
               {
                  name: "GLSA-202208-23",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202208-23",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "xen",
               vendor: "Xen",
               versions: [
                  {
                     lessThan: "4.12",
                     status: "unknown",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.15.x",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unaffected",
                     version: "next of xen-unstable",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "xen",
               vendor: "Xen",
               versions: [
                  {
                     status: "affected",
                     version: "4.11.x",
                  },
               ],
            },
            {
               product: "xen",
               vendor: "Xen",
               versions: [
                  {
                     lessThan: "4.12",
                     status: "unknown",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.12.x",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "unaffected",
                     version: "next of 4.14.x",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Julien Grall of Amazon.'}]}}}",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     description: {
                        description_data: [
                           {
                              lang: "eng",
                              value: "A malicious guest may be able to elevate its privileges to that of the\nhost, cause host or guest Denial of Service (DoS), or cause information\nleaks.",
                           },
                        ],
                     },
                  },
                  type: "unknown",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "unknown",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-14T20:11:46",
            orgId: "23aa2041-22e1-471f-9209-9b7396fa234f",
            shortName: "XEN",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://xenbits.xenproject.org/xsa/advisory-384.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://xenbits.xen.org/xsa/advisory-384.html",
            },
            {
               name: "[oss-security] 20210908 Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in XENMAPSPACE_grant_table handling",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2021/09/08/2",
            },
            {
               name: "FEDORA-2021-11577e5229",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/",
            },
            {
               name: "FEDORA-2021-fed53cbc7d",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/",
            },
            {
               name: "DSA-4977",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2021/dsa-4977",
            },
            {
               name: "FEDORA-2021-5a0c7bc619",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/",
            },
            {
               name: "GLSA-202208-23",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202208-23",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@xen.org",
               ID: "CVE-2021-28701",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "xen",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "?<",
                                          version_value: "4.12",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.15.x",
                                       },
                                       {
                                          version_affected: "!>",
                                          version_value: "xen-unstable",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "xen",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "4.11.x",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "xen",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "?<",
                                          version_value: "4.12",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.12.x",
                                       },
                                       {
                                          version_affected: "!>",
                                          version_value: "4.14.x",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Xen",
                     },
                  ],
               },
            },
            configuration: {
               configuration_data: {
                  description: {
                     description_data: [
                        {
                           lang: "eng",
                           value: "All Xen versions from 4.0 onwards are affected.  Xen versions 3.4 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests permitted to use grant table version 2\ninterfaces can leverage this vulnerability.  x86 PV guests cannot\nleverage this vulnerability.  On Arm, grant table v2 use is explicitly\nunsupported.",
                        },
                     ],
                  },
               },
            },
            credit: {
               credit_data: {
                  description: {
                     description_data: [
                        {
                           lang: "eng",
                           value: "This issue was discovered by Julien Grall of Amazon.",
                        },
                     ],
                  },
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.",
                  },
               ],
            },
            impact: {
               impact_data: {
                  description: {
                     description_data: [
                        {
                           lang: "eng",
                           value: "A malicious guest may be able to elevate its privileges to that of the\nhost, cause host or guest Denial of Service (DoS), or cause information\nleaks.",
                        },
                     ],
                  },
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "unknown",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://xenbits.xenproject.org/xsa/advisory-384.txt",
                     refsource: "MISC",
                     url: "https://xenbits.xenproject.org/xsa/advisory-384.txt",
                  },
                  {
                     name: "http://xenbits.xen.org/xsa/advisory-384.html",
                     refsource: "CONFIRM",
                     url: "http://xenbits.xen.org/xsa/advisory-384.html",
                  },
                  {
                     name: "[oss-security] 20210908 Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in XENMAPSPACE_grant_table handling",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2021/09/08/2",
                  },
                  {
                     name: "FEDORA-2021-11577e5229",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/",
                  },
                  {
                     name: "FEDORA-2021-fed53cbc7d",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/",
                  },
                  {
                     name: "DSA-4977",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2021/dsa-4977",
                  },
                  {
                     name: "FEDORA-2021-5a0c7bc619",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/",
                  },
                  {
                     name: "GLSA-202208-23",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202208-23",
                  },
               ],
            },
            workaround: {
               workaround_data: {
                  description: {
                     description_data: [
                        {
                           lang: "eng",
                           value: "Running only PV guests will avoid this vulnerability.\n\nSuppressing use of grant table v2 interfaces for HVM or PVH guests will\nalso avoid this vulnerability.",
                        },
                     ],
                  },
               },
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "23aa2041-22e1-471f-9209-9b7396fa234f",
      assignerShortName: "XEN",
      cveId: "CVE-2021-28701",
      datePublished: "2021-09-08T13:02:28",
      dateReserved: "2021-03-18T00:00:00",
      dateUpdated: "2024-08-03T21:47:33.200Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2021-28701\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2021-09-08T14:15:08.547\",\"lastModified\":\"2024-11-21T06:00:10.450\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.\"},{\"lang\":\"es\",\"value\":\"Otra carrera en el manejo de la función XENMAPSPACE_grant_table de los Huéspedes, se les permite el acceso a determinadas páginas de memoria propiedad de Xen. La mayoría de estas páginas permanecen asignadas / asociadas a un huésped durante toda su vida. Las páginas de estado de la tabla Grant v2, sin embargo, se desasignan cuando un huésped cambia (de nuevo) de v2 a v1. Una liberación de dichas páginas requiere que el hipervisor haga cumplir que ninguna petición paralela pueda resultar en la adición de un mapeo de dicha página a un huésped. Esta aplicación no existía, permitiendo a los huéspedes mantener el acceso a las páginas liberadas y quizás reusarlas para otros fines. Desafortunadamente, cuando fue preparada la XSA-379, no se advirtió este problema similar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.1,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"matchCriteriaId\":\"3E095C1C-0DC6-4380-9333-477B13273E9E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/08/2\",\"source\":\"security@xen.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-384.html\",\"source\":\"security@xen.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/\",\"source\":\"security@xen.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/\",\"source\":\"security@xen.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/\",\"source\":\"security@xen.org\"},{\"url\":\"https://security.gentoo.org/glsa/202208-23\",\"source\":\"security@xen.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4977\",\"source\":\"security@xen.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-384.txt\",\"source\":\"security@xen.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/08/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-384.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4977\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-384.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the vulnerability lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.