CVE-2021-28711Uncontrolled Resource Consumption in Linux

CWE-400Uncontrolled Resource Consumption27 documents6 sources
Severity
6.5MEDIUMNVD
OSV7.0OSV5.9
EPSS
0.0%
top 85.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxDebian Linux
Timeline
PublishedJan 5
Latest updateApr 12

Description

Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious d

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages3 packages

debiandebian/linux< linux 5.15.15-1 (bookworm)
Debianlinux/linux_kernel< 5.10.92-1+3
Ubuntulinux/linux_kernel< 4.15.0-169.177+2

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: xenbits.xenproject.orgPatch: xenbits.xenproject.org

🔴Vulnerability Details

12
OSV
linux, linux-kvm, linux-lts-xenial vulnerabilities2023-04-12
OSV
linux-bluefield vulnerabilities2022-04-13
OSV
linux-azure-5.13, linux-oracle-5.13 vulnerabilities2022-04-06
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, lnux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.42022-03-22
OSV
linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities2022-03-22

📋Vendor Advisories

12
Ubuntu
Linux kernel vulnerabilities2023-04-12
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22