Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
437
VMScore

CVE-2021-28699

Published: 27/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Xen

Vulnerability Summary

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 11.0

Vendor Advisories

Debian Security Advisories: DSA-4977-1 xen -- security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks With the end of upstream support for the 411 branch, the version of xen in the oldstable distribution (buster) is no longer supported If you rely on security support for your Xen installation an ...
Red Hat: CVE-2021-28699
No description is available for this CVE ...
Citrix Security Bulletins: Citrix Hypervisor Security Update
Description of Problem Several security issues have been discovered in Citrix Hypervisor that, collectively, may allow privileged code in a guest VM to compromise or crash the hostThese issues have the following identifiers:  CVE-IDDescriptionPre-requisitesCVE-2021-28694Host denial of serviceMalicious privileged code execution in a guest VM r ...

Mailing Lists

Full Disclosure: Xen Security Advisory 382 v2 (CVE-2021-28699) - inadequate grant-v2 status frames array bounds check
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Xen Security Advisory 382 v2 (CVE-2021-28699) - inadequate grant-v2 status frames array bounds check <!--X-Subject-Header-End- ...

References

NVD-CWE-noinfohttps://xenbits.xenproject.org/xsa/advisory-382.txthttps://www.debian.org/security/2021/dsa-4977https://security.gentoo.org/glsa/202208-23https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID/https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4977
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120CVE-2024-35921CVE-2024-35874brute forceCVE-2024-36080unprivilegedCVE-2024-35917IDORCVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook