Memory Management Flaw in Xen Hypervisor Affects Guest Virtualization
CVE-2021-28703

7HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 7 December 2021

🔔 Create Xen Project Vulnerability Alert

What is CVE-2021-28703?

A vulnerability in the Xen Hypervisor's memory management system allows guests to retain access to freed grant table v2 status pages. This occurs when guests transition from v2 to v1, causing the hypervisor to lose track of specific mappings. The flaw, which can lead to unauthorized access to Xen-owned memory pages, can allow malicious actors to exploit these pages for unintended purposes. The issue was addressed in Xen 4.14 and has been backported to other security-supported branches to enhance system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Xen Branch 4.13 <= 4.13

Xen Branch 4.13.4 4.13.4

Xen Branch 4.14.x 4.14.x

References

https://xenbits.xenproject.org/xsa/advisory-387.txt

https://security.gentoo.org/glsa/202402-07

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 7, 2021
Vulnerability Reserved
Mar 18, 2021

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Patryk Balicki and Julien Grall of Amazon.'}]}}}

JSON

Xen Project

What is CVE-2021-28703?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.