Lucene search

XENCVE-2021-28709

HistoryNov 24, 2021 - 2:15 a.m.

CVE-2021-28709

2021-11-2402:15:06

CWE-755

XEN

web.nvd.nist.gov

cve-2021-28709

x86

p2m updates

security

vulnerability

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

27.5%

JSON

issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)

Affected configurations

Nvd

Node

xenxenRange3.4.0–4.12.4x86

xenxenRange4.13.0–4.13.4x86

xenxenRange4.14.0–4.14.3x86

xenxenMatch4.15.0x86

xenxenMatch4.15.1x86

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

debiandebian_linuxMatch11.0

VendorProductVersionCPE
xenxen*cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
xenxen4.15.0cpe:2.3:o:xen:xen:4.15.0:*:*:*:*:*:x86:*
xenxen4.15.1cpe:2.3:o:xen:xen:4.15.1:*:*:*:*:*:x86:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	*	cpe:2.3:o:xen:xen:::::::x86:*
xen	xen	4.15.0	cpe:2.3:o:xen:xen:4.15.0::::::x86:
xen	xen	4.15.1	cpe:2.3:o:xen:xen:4.15.1::::::x86:
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*

CNA Affected

[
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "4.14.x",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "4.12.x",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "4.15.x",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "xen-unstable",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "4.13.x",
        "status": "affected"
      }
    ]
  }
]