CVE-2021-26931 - log

CVE-2021-26931 edited at 23 Feb 2021 19:54:20
Description
- An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
+ An issue was discovered in the Linux kernel 2.6.39 up to 5.10.17, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
CVE-2021-26931 edited at 23 Feb 2021 19:47:52
References
https://xenbits.xen.org/xsa/advisory-362.html
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.1&id=ea26c8d0f31a7fd14c3e150474b5befb9757555e
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.1&id=c87e9ee18fd9697b489fbb9a0be56ba2902bc048
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.1&id=790f464ee0251dae1dcdb5cfb18ab54d881a6886
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.18&id=8f8ebd6b1cb5cff96a11cd336027e745d48c2cab
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.18&id=2814b3aa38a679c63aa535355b02a5bd0f681a83
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.18&id=9bea436fc3fc9a820b8b34e83708971c1813b892
CVE-2021-26931 edited at 17 Feb 2021 14:07:50
Description
+ An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
- A security issue was found in the Xen module of the Linux kernel. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests, like out of memory conditions, it isn't correct to assume so. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though.
-
- A malicious or buggy frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver.
CVE-2021-26931 edited at 16 Feb 2021 15:56:53
References
+ https://xenbits.xen.org/xsa/advisory-362.html
- https://www.openwall.com/lists/oss-security/2021/02/16/4
- https://www.openwall.com/lists/oss-security/2021/02/16/4/1
CVE-2021-26931 edited at 16 Feb 2021 15:52:23
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A security issue was found in the Xen module of the Linux kernel. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests, like out of memory conditions, it isn't correct to assume so. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though.
+
+ A malicious or buggy frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver.
References
+ https://www.openwall.com/lists/oss-security/2021/02/16/4
+ https://www.openwall.com/lists/oss-security/2021/02/16/4/1
Notes
CVE-2021-26931 created at 16 Feb 2021 15:43:36