CVE-2021-28038 - log back

CVE-2021-28038 edited at 07 Mar 2021 12:38:29
Description
- An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
+ An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931. The issue is fixed in kernel versions 5.11.4 and 5.10.21.
References
https://xenbits.xen.org/xsa/advisory-367.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8310b77b48c5558c140e7a57a702e7819e62f04e
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.11.4&id=267c4911c9114e6e30be52546bf62a624a814da4
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.21&id=545c837d6789afcb23da5494a22e459952fb823f
CVE-2021-28038 edited at 05 Mar 2021 18:10:42
Description
- An issue was discovered in the Linux kernel as used by Xen. A malicious or buggy networking frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In a typical (non-disaggregated) system that is a host-wide denial of service (DoS). Linux versions from at least 2.6.39 onwards are vulnerable, when run in PV mode. Linux run in HVM / PVH modes is not vulnerable.
+ An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
CVE-2021-28038 edited at 05 Mar 2021 18:06:46
Description
- An issue was discovered in the Linux kernel as used by Xen. A malicious or buggy networking frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In a typical (non-disaggregated) system that is a host-wide denial of service (DoS).
+ An issue was discovered in the Linux kernel as used by Xen. A malicious or buggy networking frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In a typical (non-disaggregated) system that is a host-wide denial of service (DoS). Linux versions from at least 2.6.39 onwards are vulnerable, when run in PV mode. Linux run in HVM / PVH modes is not vulnerable.
CVE-2021-28038 edited at 05 Mar 2021 17:18:33
References
https://xenbits.xen.org/xsa/advisory-367.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/xen/p2m.c?id=8310b77b48c5558c140e7a57a702e7819e62f04e
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8310b77b48c5558c140e7a57a702e7819e62f04e
CVE-2021-28038 edited at 05 Mar 2021 17:15:11
References
- https://www.openwall.com/lists/oss-security/2021/03/05/1
+ https://xenbits.xen.org/xsa/advisory-367.html
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/xen/p2m.c?id=8310b77b48c5558c140e7a57a702e7819e62f04e
CVE-2021-28038 edited at 05 Mar 2021 17:14:32
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ An issue was discovered in the Linux kernel as used by Xen. A malicious or buggy networking frontend driver may be able to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. In a typical (non-disaggregated) system that is a host-wide denial of service (DoS).
References
+ https://www.openwall.com/lists/oss-security/2021/03/05/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/arch/arm/xen/p2m.c?id=8310b77b48c5558c140e7a57a702e7819e62f04e
Notes
CVE-2021-28038 created at 05 Mar 2021 17:12:35