ID

VAR-202103-1030


CVE

CVE-2021-28039


TITLE

Xen Used in Linux Kernel Resource Depletion Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003868

DESCRIPTION

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG. Linux kernel 5.9.x through 5.11.3 contains a security vulnerability that could be exploited by an attacker to cause the driver to crash.

Trust: 1.71

sources: NVD: CVE-2021-28039 // JVNDB: JVNDB-2021-003868 // VULHUB: VHN-387390

AFFECTED PRODUCTS

vendor: netapp // model: cloud backup // scope: eq // version: -

Trust: 1.0

vendor: linux // model: kernel // scope: lte // version: 5.11.3

Trust: 1.0

vendor: linux // model: kernel // scope: gte // version: 5.9.0

Trust: 1.0

vendor: xen // model: xen // scope: eq // version: -

Trust: 1.0

vendor: netapp // model: solidfire baseboard management controller // scope: eq // version: -

Trust: 1.0

vendor: linux // model: kernel // scope: - // version: -

Trust: 0.8

vendor: xen project // model: xen // scope: eq // version: project

Trust: 0.8

vendor: xen project // model: xen // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003868 // NVD: CVE-2021-28039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-28039
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-28039
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202103-475
value: MEDIUM

Trust: 0.6

VULHUB: VHN-387390
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-28039
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-387390
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-28039
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-28039
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-387390 // JVNDB: JVNDB-2021-003868 // CNNVD: CNNVD-202103-475 // NVD: CVE-2021-28039

PROBLEMTYPE DATA

problemtype:CWE-131

Trust: 1.1

problemtype: Resource exhaustion (CWE-400) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-387390 // JVNDB: JVNDB-2021-003868 // NVD: CVE-2021-28039

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202103-475

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202103-475

PATCH

title: Linux Kernel Archives Xen project Xen project // url: http://www.kernel.org

Trust: 0.8

sources: JVNDB: JVNDB-2021-003868

EXTERNAL IDS

db: NVD // id: CVE-2021-28039

Trust: 2.5

db: OPENWALL // id: OSS-SECURITY/2021/03/05/2

Trust: 2.5

db: JVNDB // id: JVNDB-2021-003868

Trust: 0.8

db: CNNVD // id: CNNVD-202103-475

Trust: 0.6

db: VULHUB // id: VHN-387390

Trust: 0.1

sources: VULHUB: VHN-387390 // JVNDB: JVNDB-2021-003868 // CNNVD: CNNVD-202103-475 // NVD: CVE-2021-28039

REFERENCES

url:http://www.openwall.com/lists/oss-security/2021/03/05/2

Trust: 2.5

url:https://security.netapp.com/advisory/ntap-20210409-0001/

Trust: 1.7

url:http://xenbits.xen.org/xsa/advisory-369.html

Trust: 1.7

url:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=882213990d32fd224340a4533f6318dd152be4b2

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2021-28039

Trust: 0.8

sources: VULHUB: VHN-387390 // JVNDB: JVNDB-2021-003868 // CNNVD: CNNVD-202103-475 // NVD: CVE-2021-28039

SOURCES

db: VULHUB // id: VHN-387390
db: JVNDB // id: JVNDB-2021-003868
db: CNNVD // id: CNNVD-202103-475
db: NVD // id: CVE-2021-28039

LAST UPDATE DATE

2024-08-14T14:18:33.509000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-387390 // date: 2022-07-12T00:00:00
db: JVNDB // id: JVNDB-2021-003868 // date: 2021-11-09T05:05:00
db: CNNVD // id: CNNVD-202103-475 // date: 2022-07-14T00:00:00
db: NVD // id: CVE-2021-28039 // date: 2024-03-25T01:15:50.483

SOURCES RELEASE DATE

db: VULHUB // id: VHN-387390 // date: 2021-03-05T00:00:00
db: JVNDB // id: JVNDB-2021-003868 // date: 2021-11-09T00:00:00
db: CNNVD // id: CNNVD-202103-475 // date: 2021-03-05T00:00:00
db: NVD // id: CVE-2021-28039 // date: 2021-03-05T18:15:13.190