Memory Management Bug in Xen Project Hypervisor for x86 HVM and PVH Guests
CVE-2021-28708

8.8 HIGH

Key Information:

CVE Published: 24 November 2021

What is CVE-2021-28708?

The vulnerability arises in the populate-on-demand (PoD) operations of the Xen hypervisor and affects x86 HVM and PVH guests. It stems from a failure to properly align the base page frame number during certain hypercall operations, which allows misaligned Guest Frame Numbers (GFNs). This misalignment can lead to unexpected behavior when managing memory allocation for virtual machines, potentially resulting in resource management inconsistencies. Affected operations include XENMEM_decrease_reservation and XENMEM_populate_physmap. In addition, the handling of XENMEM_decrease_reservation may cause a host crash if the specified page order is not 4K, 2M, or 1G. Users are advised to review the latest security patches to mitigate this issue.

Affected Version(s)

xen xen-unstable

xen 4.12.x

xen 4.15.x

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Jan Beulich of SUSE.