CVE-2021-28688 - OpenCVE

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://xenbits.xenproject.org/xsa/advisory-371.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: XEN

Published: 2021-04-06T18:07:41

Updated: 2024-08-03T21:47:33.121Z

Reserved: 2021-03-18T00:00:00

Link: CVE-2021-28688

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-06T19:15:14.863

Modified: 2022-05-27T16:46:33.640

Link: CVE-2021-28688

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Linux", "vendor": "Linux", "versions": [{"lessThan": "4.12", "status": "unknown", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "3.11", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "next of 4.3", "versionType": "custom"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.11.1"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.12-rc"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.10.18"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"lessThan": "4.12", "status": "unknown", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "4.4", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "next of 5.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Nicolai Stange of SUSE.'}]}}}"}], "descriptions": [{"lang": "en", "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."}], "metrics": [{"other": {"content": {"description": {"description_data": [{"lang": "eng", "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS)."}]}}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "unknown", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-23T01:08:09", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xen.org", "ID": "CVE-2021-28688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux", "version": {"version_data": [{"version_affected": "?<", "version_value": "4.12"}, {"version_affected": ">=", "version_value": "3.11"}, {"version_affected": "!>", "version_value": "4.3"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_value": "5.11.1"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_value": "5.12-rc"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_value": "5.10.18"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_affected": "?<", "version_value": "4.12"}, {"version_affected": "?>=", "version_value": "4.4"}, {"version_affected": "!>", "version_value": "5.9"}]}}]}, "vendor_name": "Linux"}]}}, "configuration": {"configuration_data": {"description": {"description_data": [{"lang": "eng", "value": "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."}]}}}, "credit": {"credit_data": {"description": {"description_data": [{"lang": "eng", "value": "This issue was discovered by Nicolai Stange of SUSE."}]}}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."}]}, "impact": {"impact_data": {"description": {"description_data": [{"lang": "eng", "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS)."}]}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unknown"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xenproject.org/xsa/advisory-371.txt", "refsource": "MISC", "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}, "workaround": {"workaround_data": {"description": {"description_data": [{"lang": "eng", "value": "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver."}]}}}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:47:33.121Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}]}, "cveMetadata": {"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2021-28688", "datePublished": "2021-04-06T18:07:41", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2024-08-03T21:47:33.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9F05E8C-CEFC-4C34-9B1F-E9D1E8DC098B", "versionEndIncluding": "5.10.18", "versionStartIncluding": "3.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."}, {"lang": "es", "value": "La soluci\u00f3n para XSA-365 incluye la inicializaci\u00f3n de punteros de modo que el c\u00f3digo de limpieza posterior no utilice valores no inicializados o obsoletos. Esta inicializaci\u00f3n fue demasiado lejos y, en determinadas condiciones, tambi\u00e9n puede sobrescribir los punteros que est\u00e1n requiriendo una limpieza. La falta de limpieza resultar\u00eda en fugas de subsidios persistentes. A su vez, la filtraci\u00f3n impedir\u00eda a una limpieza completa despu\u00e9s de que un invitado respectivo haya terminado, dejando dominios zombies. Todas las versiones de Linux que presentan la correcci\u00f3n para XSA-365 aplicada son vulnerables. XSA-365 se clasific\u00f3 para afectar a las versiones de al menos 3.11"}], "id": "CVE-2021-28688", "lastModified": "2022-05-27T16:46:33.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-06T19:15:14.863", "references": [{"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"source": "security@xen.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}