CVE-2021-28705
Vulnerability from cvelistv5
Published: 2021-11-24 00:00
Modified: 2024-08-03 21:47
Summary
Issues with partially successful P2M updates on x86. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient, in that partial success of some operations was not properly accounted for. There are two code paths affected: page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (One patch is provided which combines the fix to both issues.)
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:47:33.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://xenbits.xenproject.org/xsa/advisory-389.txt" }, { "name": "FEDORA-2021-03645e9807", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/" }, { "name": "DSA-5017", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-5017" }, { "name": "FEDORA-2021-2b3a2de94f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202402-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "4.14.x" } ] }, { "product": "xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "4.12.x" } ] }, { "product": "xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "4.15.x" } ] }, { "product": "xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "xen-unstable" } ] }, { "product": "xen", "vendor": "Xen", "versions": [ { "status": "affected", "version": "4.13.x" } ] } ], "credits": [ { "lang": "en", "value": "{\u0027credit_data\u0027: {\u0027description\u0027: {\u0027description_data\u0027: [{\u0027lang\u0027: \u0027eng\u0027, \u0027value\u0027: \u0027This issue was discovered by Jan Beulich of SUSE.\u0027}]}}}" } ], "descriptions": [ { "lang": "en", "value": "issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which 
aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)" } ], "metrics": [ { "other": { "content": { "description": { "description_data": [ { "lang": "eng", "value": "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out." 
} ] } }, "type": "unknown" } } ], "problemTypes": [ { "descriptions": [ { "description": "unknown", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-04T08:07:31.743613", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN" }, "references": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-389.txt" }, { "name": "FEDORA-2021-03645e9807", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/" }, { "name": "DSA-5017", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-5017" }, { "name": "FEDORA-2021-2b3a2de94f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/" }, { "name": "GLSA-202402-07", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202402-07" } ] } }, "cveMetadata": { "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2021-28705", "datePublished": "2021-11-24T00:00:00", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2024-08-03T21:47:33.239Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-28705\",\"sourceIdentifier\":\"security@xen.org\",\"published\":\"2021-11-24T02:15:06.687\",\"lastModified\":\"2024-02-04T08:15:08.770\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. 
These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)\"},{\"lang\":\"es\",\"value\":\"problemas con actualizaciones P2M parcialmente con \u00e9xito en x86 [Este registro de informaci\u00f3n CNA se relaciona con m\u00faltiples CVEs; el texto explica qu\u00e9 aspectos/vulnerabilidades corresponden a cada CVE]. Los hu\u00e9spedes x86 HVM y PVH pueden iniciarse en modo populate-on-demand (PoD), para proporcionar una forma de que m\u00e1s tarde les sea asignada f\u00e1cilmente m\u00e1s memoria. A los hu\u00e9spedes les es permitido controlar determinados aspectos P2M de p\u00e1ginas individuales por medio de hypercalls. Estas hypercalls pueden actuar sobre rangos de p\u00e1ginas especificados por medio de \u00f3rdenes de p\u00e1ginas (resultando en un n\u00famero de p\u00e1ginas de potencia 2). En algunos casos, el hipervisor realiza las peticiones dividi\u00e9ndolas en trozos m\u00e1s peque\u00f1os. El manejo de errores en algunos casos de PdD ha sido insuficiente, ya que, en particular, el \u00e9xito parcial de algunas operaciones no se contabiliz\u00f3 apropiadamente. Se presentan dos rutas de c\u00f3digo afectadas: la eliminaci\u00f3n de p\u00e1ginas (CVE-2021-28705) y la inserci\u00f3n de nuevas p\u00e1ginas (CVE-2021-28709). 
(Proporcionamos un parche que combina la correcci\u00f3n de ambos problemas)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":6.9},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndIncluding\":\"4.12.4\",\"matchCriteriaId\":\"3EFBF066-D1E3-4065-A6F6-7E1103E1818D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"4.13.0\",\"versionEndIncluding\":\"4.13.4\",\"matchCriteriaId\":\"50E23003-9CFD-4E42-8C44-0E6CCF123EEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*\",\"versionStartIncluding\":\"4.14.0\",\"versionEndIncluding\":\"4.14.3\",\"matchCriteriaId\":\"855A8245-709D-4316-A405
-C6A6976AC8F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.15.0:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"C3BFD203-8E25-46AF-AF43-DAFB86BDFE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.15.1:*:*:*:*:*:x86:*\",\"matchCriteriaId\":\"B913BAA9-3E44-4073-AD4A-2D5B02A5ACBB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/\",\"source\":\"security@xen.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/\",\"source\":\"security@xen.org\"},{\"url\":\"https://security.gentoo.org/glsa/202402-07\",\"source\":\"security@xen.org\"},{\"url\":\"https://www.debian.org/security/2021/dsa-5017\",\"source\":\"security@xen.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xenproject.org/xsa/advisory-389.txt\",\"source\":\"security@xen.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}" } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.