Memory Management Flaw in Xen Hypervisor Affects Guest Virtualization
CVE-2021-28703

7 HIGH

Key Information:

CVE Published: 7 December 2021

What is CVE-2021-28703?

A vulnerability in the Xen hypervisor's memory management allows guests to retain access to freed grant table v2 status pages. This occurs when a guest transitions from grant table v2 to v1 and the hypervisor loses track of specific mappings. The flaw can lead to unauthorized access to Xen-owned memory pages, which malicious actors can then use for unintended purposes. The issue was addressed in Xen 4.14 and has been backported to other security-supported branches.

Affected Version(s)

Xen Branch 4.13 <= 4.13

Xen Branch 4.13.4 4.13.4

Xen Branch 4.14.x 4.14.x

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Credit

This issue was discovered by Patryk Balicki and Julien Grall of Amazon.