CVE-2021-28697 — Race Condition in XEN

CWE-362 — Race Condition CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 81.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedAug 27

Latest updateMay 24

Description

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing r…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5xen/xen4.13.x — unspecified+3

▶debiandebian/xen< xen 4.14.3-1 (bookworm)

▶Debianxen/xen< 4.14.3-1~deb11u1+3

▶NVDxen/xen4.0.0 — 4.15.0

Also affects: Debian Linux 11.0, Fedora 33, 34, 35

🔴Vulnerability Details

GHSA

GHSA-2h72-2hx7-mmcq: grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory↗2022-05-24

▶

OSV

CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory↗2021-08-27

▶

📋Vendor Advisories

Debian

CVE-2021-28697: xen - grant table v2 status pages may remain accessible after de-allocation Guest get ...↗2021

▶