CVE-2021-26930 - log back

CVE-2021-26930 edited at 23 Feb 2021 19:54:02
Description
- An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
+ An issue was discovered in the Linux kernel 3.11 up to 5.10.17, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
CVE-2021-26930 edited at 23 Feb 2021 19:45:32
References
https://xenbits.xen.org/xsa/advisory-365.html
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.1&id=1ef2744ab96362188ec61b5f9243161bab462126
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.18&id=00805af45a21729e2901a37914992786a0d32c46
CVE-2021-26930 edited at 17 Feb 2021 14:07:31
Description
+ An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.
- A security issue was found in the xen-blkback driver of the Linux kernel. To service requests, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated, preventing safe recovery from the error.
-
- A malicious or buggy frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In configurations without driver domains or similar disaggregation, that is a host-wide denial of sevice. Privilege escalation and information leaks cannot be ruled out.
CVE-2021-26930 edited at 16 Feb 2021 15:56:19
References
+ https://xenbits.xen.org/xsa/advisory-365.html
- https://www.openwall.com/lists/oss-security/2021/02/16/6
- https://www.openwall.com/lists/oss-security/2021/02/16/6/1
CVE-2021-26930 edited at 16 Feb 2021 15:48:01
Description
- A security issue was found in the Linux kernel. To service requests, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated, preventing safe recovery from the error.
+ A security issue was found in the xen-blkback driver of the Linux kernel. To service requests, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated, preventing safe recovery from the error.
A malicious or buggy frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In configurations without driver domains or similar disaggregation, that is a host-wide denial of sevice. Privilege escalation and information leaks cannot be ruled out.
CVE-2021-26930 edited at 16 Feb 2021 15:46:10
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue was found in the Linux kernel. To service requests, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case internal state would be insufficiently updated, preventing safe recovery from the error.
+
+ A malicious or buggy frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In configurations without driver domains or similar disaggregation, that is a host-wide denial of sevice. Privilege escalation and information leaks cannot be ruled out.
References
+ https://www.openwall.com/lists/oss-security/2021/02/16/6
+ https://www.openwall.com/lists/oss-security/2021/02/16/6/1
Notes
CVE-2021-26930 created at 16 Feb 2021 15:43:36