[XSA-374] Guest triggered use-after-free in Linux xen-netback
Severity
High
Affected Packages
2
CVEs
1
ISSUE DESCRIPTION
A malicious or buggy network PV frontend can force Linux netback to
disable the interface and terminate the receive kernel thread
associated with queue 0 in response to the frontend sending a
malformed packet.
Such kernel thread termination will lead to a use-after-free in Linux
netback when the backend is destroyed, as the kernel thread associated
with queue 0 will have already exited and thus the call to
kthread_stop will be performed against a stale pointer.
IMPACT
A malicious or buggy frontend driver can trigger a dom0 crash.
Privilege escalation and information leaks cannot be ruled out.
VULNERABLE SYSTEMS
Systems using Linux version 5.5 or newer are vulnerable.
Package | Affected Version |
---|---|
pkg:generic/xen | = 5.5.0 |
pkg:generic/xen | = 5.12.2 |
- ID
- XSA-374
- Severity
- high
- Severity from
- CVE-2021-28691
- URL
- http://xenbits.xen.org/xsa/advisory-374.html
- Published
-
2021-06-08T17:00:00
(3 years ago) - Modified
-
2021-06-08T17:00:00
(3 years ago) - Rights
- Xen Project
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Xen Project | XSA-374 | Security Advisory | http://xenbits.xen.org/xsa/advisory-374.html |
Xen Project | XSA-374 | Signed Security Advisory | http://xenbits.xen.org/xsa/advisory-374.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:generic/xen | xen | = 5.5.0 | ||||
Affected | pkg:generic/xen | xen | = 5.12.2 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |