{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-28038", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T21:33:17.329Z", "dateReserved": "2021-03-05T00:00:00", "datePublished": "2021-03-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-03-25T00:39:17.344391"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://xenbits.xen.org/xsa/advisory-367.html"}, {"name": "[oss-security] 20210305 Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errors", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2021/03/05/1"}, {"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"}, {"name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"}, {"url": "https://security.netapp.com/advisory/ntap-20210409-0001/"}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:17.329Z"}, "title": "CVE Program Container", "references": [{"url": "http://xenbits.xen.org/xsa/advisory-367.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20210305 Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errors", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/03/05/1"}, {"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"}, {"name": "[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"}, {"url": "https://security.netapp.com/advisory/ntap-20210409-0001/", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "873F5904-E137-45CC-A229-1ACB174021B9", "versionEndExcluding": "4.4.260", "versionStartIncluding": "2.6.39", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "37A31D37-6E2B-487D-A7B1-AA678845E3BD", "versionEndExcluding": "4.9.260", "versionStartIncluding": "4.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2C21DCE-38E0-48E5-AB62-F12536A90A1B", "versionEndExcluding": "4.14.224", "versionStartIncluding": "4.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BA86006-B187-4C7D-9712-36D3D724AC33", "versionEndExcluding": "4.19.179", "versionStartIncluding": "4.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3CFDB2D-F538-4E59-B331-7EAD494C2924", "versionEndExcluding": "5.4.103", "versionStartIncluding": "4.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADF2B8FE-6B1B-40C6-B1DC-37812D5A0F1A", "versionEndExcluding": "5.10.21", "versionStartIncluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "635861E2-E992-4768-A883-CBC76271AFD1", "versionEndExcluding": "5.11.4", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "07875739-0CCB-4F48-9330-3D4B6A4064FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "DA09B732-04F8-452C-94CF-97644E78684D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el kernel de Linux versiones hasta 5.11.3, como es usada con Xen PV. Una cierta parte del controlador netback carece del tratamiento necesario de errores como asignaciones de memoria fallidas (como resultado de cambios en el manejo de errores de asignaci\u00f3n de permisos). Puede producirse una denegaci\u00f3n de servicio del Sistema Operativo host durante el comportamiento inapropiado de un controlador de interfaz de red. NOTA: este problema se presenta debido a una correcci\u00f3n incompleta para el CVE-2021-26931"}], "id": "CVE-2021-28038", "lastModified": "2024-11-21T05:59:01.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-05T18:15:13.127", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/05/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-367.html"}, {"source": "cve@mitre.org", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210409-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/03/05/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-367.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210409-0001/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}