Severe I/O Misconfiguration Vulnerability in Linux Kernel's Xen Virtualization
CVE-2021-28039
What is CVE-2021-28039?
A significant vulnerability has been identified in Linux kernel versions 5.9.x through 5.11.3, specifically in configurations using Xen virtualization. It allows a user of an x86 paravirtual (PV) guest operating system to potentially crash Dom0 or a driver domain by executing a large volume of I/O operations. The vulnerability arises from incorrect handling of guest physical addresses, particularly in scenarios where CONFIG_XEN_UNPOPULATED_ALLOC is enabled while CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not. This may lead to system instability affecting both host and guest environments.
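One way to check a Dom0 or driver-domain kernel against the conditions described above (an added example, not code from the advisory or the kernel project). The function names and the sample config are constructed for illustration. A version match is a prompt to check the vendor's advisory, since distributions backport fixes without changing the base version.

```shell
#!/bin/sh
# Added example: version range and option names come from the advisory text.

# Return 0 if the kernel release string falls in 5.9.x through 5.11.3.
version_in_range() {
    ver=${1%%-*}                        # drop a suffix such as "-generic"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;
        *)   patch=0 ;;                 # "5.11" is treated as 5.11.0
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac   # reject unparsable input
    done
    [ "$major" -eq 5 ] || return 1
    case $minor in
        9|10) return 0 ;;
        11)   [ "$patch" -le 3 ] ;;
        *)    return 1 ;;
    esac
}

# Return 0 if the config file has the combination the advisory names:
# CONFIG_XEN_UNPOPULATED_ALLOC enabled, CONFIG_XEN_BALLOON_MEMORY_HOTPLUG not.
config_matches() {
    [ -r "$1" ] || return 2
    grep -q '^CONFIG_XEN_UNPOPULATED_ALLOC=y' "$1" || return 1
    ! grep -q '^CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y' "$1"
}

check_kernel() {
    if version_in_range "$1" && config_matches "$2"; then
        echo "MATCH: $1 has the configuration described for CVE-2021-28039"
        return 0
    fi
    echo "no match: $1"
    return 1
}

# Constructed sample config (not taken from a real host).
demo=$(mktemp)
printf '%s\n' 'CONFIG_XEN=y' 'CONFIG_XEN_UNPOPULATED_ALLOC=y' \
    '# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set' > "$demo"
check_kernel "5.10.12-generic" "$demo"
check_kernel "5.11.4" "$demo" || true
rm -f "$demo"
```

On a live host the call is `check_kernel "$(uname -r)" "/boot/config-$(uname -r)"`, assuming the distribution installs the kernel config under `/boot`.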
