CVE-2021-26932: Linux vulnerability

6 documents, 6 sources

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 59.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 17; Latest update May 24

Description

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Patches

🔴 Vulnerability Details (2)
GHSA
GHSA-w8vm-5jg7-3r38: An issue was discovered in the Linux kernel 3 (2022-05-24)
OSV
CVE-2021-26932: An issue was discovered in the Linux kernel 3 (2021-02-17)

📋 Vendor Advisories (3)
BSD
FreeBSD-SA-21:06.xen: Xen grant mapping error handling issues (2021-02-24)
Microsoft
An issue was discovered in the Linux kernel 3.2 through 5.10.16 as used by Xen. Grant mapping operations often occur in batch hypercalls where a number of operations are done in a single hypercall the (2021-02-09)
Debian
CVE-2021-26932: linux - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen.... (2021)