{"containers": {"cna": {"affected": [{"product": "Linux", "vendor": "Linux", "versions": [{"lessThan": "4.12", "status": "unknown", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "3.11", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "next of 4.3", "versionType": "custom"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.11.1"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.12-rc"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"status": "affected", "version": "5.10.18"}]}, {"product": "Linux", "vendor": "Linux", "versions": [{"lessThan": "4.12", "status": "unknown", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "4.4", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "next of 5.9", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Nicolai Stange of SUSE.'}]}}}"}], "descriptions": [{"lang": "en", "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."}], "metrics": [{"other": {"content": {"description": {"description_data": [{"lang": "eng", "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS)."}]}}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "unknown", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-23T01:08:09", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xen.org", "ID": "CVE-2021-28688", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux", "version": {"version_data": [{"version_affected": "?<", "version_value": "4.12"}, {"version_affected": ">=", "version_value": "3.11"}, {"version_affected": "!>", "version_value": "4.3"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_value": "5.11.1"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_value": "5.12-rc"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_value": "5.10.18"}]}}, {"product_name": "Linux", "version": {"version_data": [{"version_affected": "?<", "version_value": "4.12"}, {"version_affected": "?>=", "version_value": "4.4"}, {"version_affected": "!>", "version_value": "5.9"}]}}]}, "vendor_name": "Linux"}]}}, "configuration": {"configuration_data": {"description": {"description_data": [{"lang": "eng", "value": "All Linux versions having the fix for XSA-365 applied are vulnerable.\nXSA-365 was classified to affect versions back to at least 3.11."}]}}}, "credit": {"credit_data": {"description": {"description_data": [{"lang": "eng", "value": "This issue was discovered by Nicolai Stange of SUSE."}]}}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."}]}, "impact": {"impact_data": {"description": {"description_data": [{"lang": "eng", "value": "A malicious or buggy frontend driver may be able to cause resource leaks\nfrom the corresponding backend driver. This can result in a host-wide\nDenial of Sevice (DoS)."}]}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unknown"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xenproject.org/xsa/advisory-371.txt", "refsource": "MISC", "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}, "workaround": {"workaround_data": {"description": {"description_data": [{"lang": "eng", "value": "Reconfiguring guests to use alternative (e.g. qemu-based) backends may\navoid the vulnerability.\n\nAvoiding the use of persistent grants will also avoid the vulnerability.\nThis can be achieved by passing the \"feature_persistent=0\" module option\nto the xen-blkback driver."}]}}}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:47:33.121Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}]}, "cveMetadata": {"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2021-28688", "datePublished": "2021-04-06T18:07:41", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2024-08-03T21:47:33.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9F05E8C-CEFC-4C34-9B1F-E9D1E8DC098B", "versionEndIncluding": "5.10.18", "versionStartIncluding": "3.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11."}, {"lang": "es", "value": "La soluci\u00f3n para XSA-365 incluye la inicializaci\u00f3n de punteros de modo que el c\u00f3digo de limpieza posterior no utilice valores no inicializados o obsoletos.&#xa0;Esta inicializaci\u00f3n fue demasiado lejos y, en determinadas condiciones, tambi\u00e9n puede sobrescribir los punteros que est\u00e1n requiriendo una limpieza.&#xa0;La falta de limpieza resultar\u00eda en fugas de subsidios persistentes.&#xa0;A su vez, la filtraci\u00f3n impedir\u00eda a una limpieza completa despu\u00e9s de que un invitado respectivo haya terminado, dejando dominios zombies.&#xa0;Todas las versiones de Linux que presentan la correcci\u00f3n para XSA-365 aplicada son vulnerables.&#xa0;XSA-365 se clasific\u00f3 para afectar a las versiones de al menos 3.11"}], "id": "CVE-2021-28688", "lastModified": "2024-11-21T06:00:08.800", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-06T19:15:14.863", "references": [{"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"source": "security@xen.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-371.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}