CVE-2021-26931 — Allocation of Resources Without Limits or Throttling in Kernel
Severity
6.5MEDIUMNVD
NVD5.5OSV7.8OSV6.7OSV5.5OSV4.4
EPSS
0.1%
top 77.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 17
Latest updateMay 1
Description
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xe…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages20 packages
Also affects: Debian Linux 9.0, Fedora 32, 33
Patches
🔴Vulnerability Details
8OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-05-11
OSV▶
linux, linux-aws, lnux-aws-hwe, linux-azure, inux-azure-4.15, linux-dell300x, linux-gcp, linux-hwe, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-05-11
OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-ra↗2021-04-13