[XSA-367] Linux: netback fails to honor grant mapping errors

Severity Medium
Affected Packages 1
CVEs 1

ISSUE DESCRIPTION

XSA-362 tried to address issues here, but in the case of the netback
driver the changes were insufficient: It left the relevant function
invocation with, effectively, no error handling at all. As a result,
memory allocation failures there could still lead to frontend-induced
crashes of the backend.

IMPACT

A malicious or buggy networking frontend driver may be able to crash
the corresponding backend driver, potentially affecting the entire
domain running the backend driver. In a typical (non-disaggregated)
system that is a host-wide denial of service (DoS).

VULNERABLE SYSTEMS

Linux versions from at least 2.6.39 onwards are vulnerable, when run in
PV mode. Earlier versions differ significantly in behavior and may
therefore instead surface other issues under the same conditions. Linux
run in HVM / PVH modes is not vulnerable.

AFFECTED PACKAGES

Package            Affected Version
pkg:generic/xen    = 5.12-rc

SOURCES

Source         ID         Name                        URL
Xen Project    XSA-367    Security Advisory           http://xenbits.xen.org/xsa/advisory-367.html
Xen Project    XSA-367    Signed Security Advisory    http://xenbits.xen.org/xsa/advisory-367.txt

PACKAGE DETAILS

Type        Package URL        Name / Product    Version
Affected    pkg:generic/xen    xen               = 5.12-rc