CVE-2021-28709 — Improper Handling of Exceptional Conditions in XEN
Severity
7.8HIGHNVD
EPSS
0.1%
top 75.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 24
Latest updateMay 24
Description
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a powe…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 11.0, Fedora 34, 35
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-397g-22v6-9m75: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabili↗2022-05-24
GHSA▶
GHSA-5rjh-29pm-3mx4: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabili↗2022-05-24
OSV▶
CVE-2021-28709: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabili↗2021-11-24
OSV▶
CVE-2021-28705: issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabili↗2021-11-24