[XSA-374] Guest triggered use-after-free in Linux xen-netback
Severity
High
Affected Packages
2
CVEs
1
ISSUE DESCRIPTION
A malicious or buggy network PV frontend can force Linux netback to
disable the interface and terminate the receive kernel thread
associated with queue 0 in response to the frontend sending a
malformed packet.
Such kernel thread termination will lead to a use-after-free in Linux
netback when the backend is destroyed, as the kernel thread associated
with queue 0 will have already exited and thus the call to
kthread_stop will be performed against a stale pointer.
IMPACT
A malicious or buggy frontend driver can trigger a dom0 crash.
Privilege escalation and information leaks cannot be ruled out.
VULNERABLE SYSTEMS
Systems using Linux version 5.5 or newer are vulnerable.
| Package | Affected Version |
|---|---|
 pkg:generic/xen
|
= 5.5.0 |
|
pkg:generic/xen
|
= 5.12.2 |
- ID
- XSA-374
- Severity
- high
- Severity from
- CVE-2021-28691
- URL
- http://xenbits.xen.org/xsa/advisory-374.html
- Published
-
2021-06-08T17:00:00
(3 years ago) - Modified
-
2021-06-08T17:00:00
(3 years ago) - Rights
- Xen Project
- Other Advisories
GLSA-202107-30
MS:CVE-2021-28691
USN-5015-1| Source | # ID | Name | URL |
|---|---|---|---|
| Xen Project | XSA-374 | Security Advisory |
|
| Xen Project | XSA-374 | Signed Security Advisory |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:generic/xen | xen | = 5.5.0 | ||||
| Affected | pkg:generic/xen | xen | = 5.12.2 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |