CVE-2021-28703 — XEN vulnerability

4 documents4 sources

Severity

7.0HIGHNVD

EPSS

0.1%

top 70.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN XEN Project XEN

Timeline

PublishedDec 7

Latest updateDec 8

Description

grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, b…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages4 packages

▶NVDxen/xen< 14.4

▶debiandebian/xen< xen 4.14.0+80-gd101b417b7-1 (bookworm)

▶Debianxen/xen< 4.14.0+80-gd101b417b7-1+3

▶CVEListV5xen_project/xenBranch 4.13 — 4.13

🔴Vulnerability Details

GHSA

GHSA-mj29-93c5-p3pr: grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory↗2021-12-08

▶

OSV

CVE-2021-28703: grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory↗2021-12-07

▶

📋Vendor Advisories

Debian

CVE-2021-28703: xen - grant table v2 status pages may remain accessible after de-allocation (take two)...↗2021

▶