[XSA-367] Linux: netback fails to honor grant mapping errors
ISSUE DESCRIPTION
XSA-362 tried to address issues here, but in the case of the netback
driver the changes were insufficient: It left the relevant function
invocation with, effectively, no error handling at all. As a result,
memory allocation failures there could still lead to frontend-induced
crashes of the backend.
IMPACT
A malicious or buggy networking frontend driver may be able to crash
the corresponding backend driver, potentially affecting the entire
domain running the backend driver. In a typical (non-disaggregated)
system that is a host-wide denial of service (DoS).
VULNERABLE SYSTEMS
Linux versions from at least 2.6.39 onwards are vulnerable, when run in
PV mode. Earlier versions differ significantly in behavior and may
therefore instead surface other issues under the same conditions. Linux
run in HVM / PVH modes is not vulnerable.
Package | Affected Version |
---|---|
pkg:generic/xen | = 5.12-rc |
- ID: XSA-367
- Severity: medium
- Severity from: CVE-2021-28038
- URL: http://xenbits.xen.org/xsa/advisory-367.html
- Published: 2021-03-04T10:39:00
- Modified: 2021-03-04T10:39:00
- Rights: Xen Project
- Other Advisories:
- ALAS-2021-1487
- ALAS2-2021-1616
- ELSA-2021-9172
- ELSA-2021-9175
- ELSA-2021-9215
- ELSA-2021-9220
- ELSA-2021-9221
- openSUSE-SU-2021:0532-1
- openSUSE-SU-2021:0758-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- SUSE-SU-2021:1175-1
- SUSE-SU-2021:1176-1
- SUSE-SU-2021:1177-1
- SUSE-SU-2021:1210-1
- SUSE-SU-2021:1211-1
- SUSE-SU-2021:1238-1
- SUSE-SU-2021:1573-1
- SUSE-SU-2021:1596-1
- SUSE-SU-2021:1617-1
- SUSE-SU-2021:1623-1
- SUSE-SU-2021:1624-1
- SUSE-SU-2021:1625-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- USN-4904-1
- USN-4911-1
- USN-4945-1
- USN-4945-2
- USN-4946-1
- USN-4984-1
Source | # ID | Name | URL |
---|---|---|---|
Xen Project | XSA-367 | Security Advisory | http://xenbits.xen.org/xsa/advisory-367.html |
Xen Project | XSA-367 | Signed Security Advisory | http://xenbits.xen.org/xsa/advisory-367.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:generic/xen | xen | = 5.12-rc |