CVE-2021-36310
published 2021-11-20CVE-2021-36310: Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged…
PriorityP422medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
EPSS
0.81%
52.4th percentile
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | dell_networking_os10 | >= unspecified < 10.5.3.4 | 10.5.3.4 |
| dell | networking_os10 | < 10.4.3.8 | 10.4.3.8 |
| dell | networking_os10 | >= 10.5.0.0 < 10.5.0.10 | 10.5.0.10 |
| dell | networking_os10 | >= 10.5.1.0 < 10.5.1.10 | 10.5.1.10 |
| dell | networking_os10 | >= 10.5.2.0 < 10.5.2.8 | 10.5.2.8 |
CVSS provenance
nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvdv2.06.8MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:C
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4xf4-x6w8-3gwg: Dell Networking OS10, versions 10
ghsa_unreviewed·2021-11-21
CVE-2021-36310 [MEDIUM] CWE-400 GHSA-4xf4-x6w8-3gwg: Dell Networking OS10, versions 10
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
Red Hat
kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults
vendor_redhat·2020-04-21·CVSS 5.5
CVE-2020-36310 [MEDIUM] CWE-835 kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults
kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults
An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.
A flaw was found in the Linux kernel. A nested page fault is created when an address does not have a memslot associated to it. The highest threat from this vulnerability is to system availability. This flaw can be triggered using a malformed Virtual Machine. When triggered this bug will lead to the user-space component of KVM to freeze.
Statement: Red Hat Product Security does not consider this to be a vulnerability. This issue has addressed as a regular bug in the errata RHSA-2021:2185 and RHSA-2021:1578. T
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-11-20
Published