CVE-2021-28715 — Allocation of Resources Without Limits or Throttling in Kernel
Severity
6.5MEDIUMNVD
OSV7.0OSV4.7
EPSS
0.2%
top 60.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 6
Latest updateApr 13
Description
Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface c…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0
Affected Packages5 packages
Also affects: Debian Linux 10.0, 11.0, 9.0
🔴Vulnerability Details
10OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, lnux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4↗2022-03-22
OSV▶
linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2022-03-22
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2022-02-22