Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-28038

Published: 05/03/2021 Updated: 25/03/2024
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux Kernel

Vulnerability Summary

An issue exists in the Linux kernel up to and including 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel 5.12

linux linux kernel

debian debian linux 9.0

netapp cloud backup -

netapp solidfire baseboard management controller firmware -

Vendor Advisories

Amazon Linux AMI: ALAS-2021-1487
An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, the driver maps grant references provided by the frontend In this process, errors may be encountered In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-001
A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC This flaw allows a local user to crash the system (CVE-2020-25639) An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, ...
Amazon Linux 2: ALAS2-2021-1616
An issue was discovered in the Linux kernel 311 through 51016, as used by Xen To service requests to the PV backend, the driver maps grant references provided by the frontend In this process, errors may be encountered In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful ...
Arch Linux Issues:
An issue was discovered in the Linux kernel through 5113, as used with Xen PV A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors) A host OS denial of service may occur during misbehavior of a networking frontend driver NOTE: ...
Citrix Security Bulletins: Citrix Hypervisor Security Update
Two security issues have been identified in Citrix Hypervisor (formerly Citrix XenServer) that may allow privileged code in a guest VM to cause the host to crash or become unresponsive ...

References

CWE-770http://xenbits.xen.org/xsa/advisory-367.htmlhttp://www.openwall.com/lists/oss-security/2021/03/05/1https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlhttps://security.netapp.com/advisory/ntap-20210409-0001/https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2021-1487.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook