CVE-2021-28039
PUBLISHED
CVSS 2.1 LOW
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
EPSS 0.14% · 33.8th percentile
Risk Scores
- CVSS v2.0: 2.1
- EPSS Score: 0.14% (33.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| netapp | solidfire_baseboard_management_controller_firmware | |
| n/a | n/a | * |
| netapp | cloud_backup | |
| xen | xen | |
| linux | linux_kernel | 5.9.0 |
Timeline
- Mar 5, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- http://xenbits.xen.org/xsa/advisory-369.html (url)
- [oss-security] 20210305 Xen Security Advisory 369 v2 (CVE-2021-28039) - Linux: special config may crash when trying to map foreign pages (mailing-list)
- https://security.netapp.com/advisory/ntap-20210409-0001/ (url)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=882213990d32fd224340a4533f6318dd152be4b2 (url)
- https://nvd.nist.gov/vuln/detail/CVE-2021-28039 (advisory)
- https://security.netapp.com/advisory/ntap-20210409-0001 (url)