Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-28701

UNKNOWN
Published 2021-09-08T13:02:28
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-28701. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Xen

xen

Affected Versions:

unspecified 4.15.x next of xen-unstable
Xen

xen

Affected Versions:

4.11.x
Xen

xen

Affected Versions:

unspecified 4.12.x next of 4.14.x

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-423x-f92f-r5fm

Advisory Details

Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-28701
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU
WEB https://security.gentoo.org/glsa/202208-23
WEB https://www.debian.org/security/2021/dsa-4977
WEB https://xenbits.xenproject.org/xsa/advisory-384.txt
WEB http://www.openwall.com/lists/oss-security/2021/09/08/2
WEB http://xenbits.xen.org/xsa/advisory-384.html

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: July 13, 2022

References

https://xenbits.xenproject.org/xsa/advisory-384.txt
http://xenbits.xen.org/xsa/advisory-384.html
http://www.openwall.com/lists/oss-security/2021/09/08/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/
https://www.debian.org/security/2021/dsa-4977
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/
https://security.gentoo.org/glsa/202208-23
Published: 2021-09-08T13:02:28
Last Modified: 2024-08-03T21:47:33.200Z
Copied to clipboard!