CVE-2021-28688 — Improper Initialization in Linux
Severity
NVD: 6.5 MEDIUM
OSV: 7.8
OSV: 6.7
EPSS
0.1%
top 67.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 6
Latest update: May 24
Description
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulner…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Exploitability: 2.0 | Impact: 4.0
Affected Packages: 5 packages
Also affects: Debian Linux 9.0
Patches
Vulnerability Details (7)
GHSA
GHSA-hqhv-rx9w-cr56: The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values (2022-05-24)
OSV
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities (2021-06-08)
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5. (2021-06-08)
Vendor Advisories (5)
Debian
CVE-2021-28688: linux - The fix for XSA-365 includes initialization of pointers such that subsequent cle... (2021)