An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
References
Link | Resource |
---|---|
http://xenbits.xen.org/xsa/advisory-369.html | Patch Vendor Advisory |
http://www.openwall.com/lists/oss-security/2021/03/05/2 | Mailing List Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210409-0001/ | Third Party Advisory |
Information
Published : 2021-03-05 10:15
Updated : 2022-07-12 10:42
NVD link : CVE-2021-28039
Mitre link : CVE-2021-28039
JSON object : View
CWE
CWE-131
Incorrect Calculation of Buffer Size
Products Affected
netapp
- cloud_backup
- solidfire_baseboard_management_controller_firmware
xen
- xen
linux
- linux_kernel