CVE-2021-28706
PUBLISHED
guests may exceed their designated memory limit

When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.
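The arithmetic behind the description, as an added example that is not Xen's code or part of the original record: a limit check whose sum is computed with 32-bit precision, next to a widened check that rejects the same request. All function names are hypothetical, the values are constructed, and a 4 KiB page size is assumed (so 16 TiB is exactly 2^32 pages).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4 KiB pages, so 16 TiB is exactly 2^32 pages. */
#define PAGE_SHIFT 12

static uint64_t bytes_to_pages(uint64_t bytes) { return bytes >> PAGE_SHIFT; }

/* Sum as a 32-bit calculation sees it: the result wraps modulo 2^32. */
static uint32_t wrapped_total(uint32_t cur_pages, uint32_t req_pages)
{
    return cur_pages + req_pages;
}

/* Flawed pattern: only the wrapped (small) sum is compared to the limit. */
static bool allowed_32bit(uint32_t cur_pages, uint32_t req_pages,
                          uint32_t max_pages)
{
    return wrapped_total(cur_pages, req_pages) <= max_pages;
}

/* Hardened pattern: widen to 64 bits before adding so the sum cannot wrap. */
static bool allowed_64bit(uint32_t cur_pages, uint32_t req_pages,
                          uint32_t max_pages)
{
    return (uint64_t)cur_pages + req_pages <= (uint64_t)max_pages;
}

int main(void)
{
    /* Constructed values: limit is 16 TiB minus 1 MiB, guest already at it. */
    uint32_t max_pages = (uint32_t)(bytes_to_pages(1ULL << 44) - 256);
    uint32_t cur_pages = max_pages;
    uint32_t req_pages = 512; /* request for 2 MiB more */

    printf("limit=%u pages, current=%u, request=%u\n",
           (unsigned)max_pages, (unsigned)cur_pages, (unsigned)req_pages);
    printf("32-bit sum=%u -> allowed=%d\n",
           (unsigned)wrapped_total(cur_pages, req_pages),
           allowed_32bit(cur_pages, req_pages, max_pages));
    printf("64-bit check -> allowed=%d\n",
           allowed_64bit(cur_pages, req_pages, max_pages));
    return 0;
}
```

With a limit far below 16 TiB the two checks agree, which is why the condition only matters for guests permitted close to that size.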
Risk Scores
EPSS Score: 0.16% (35.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | xen | 0, 4.6.0-1ubuntu4.3, 4.6.5-0ubuntu1 |
| Ubuntu:22.04:LTS | xen | 0, 4.16.0-1~ubuntu2, * |
| Ubuntu:18.04:LTS | xen | 0, 4.9.0-0ubuntu4, 4.9.0-0ubuntu3 |
| Ubuntu:24.04:LTS | xen | 4.17.3+10-g091466ba55-1, 4.17.2-1, 4.17.2+55-g0b56bed864-1 |
| Ubuntu:25.10 | xen | 4.20.0+68-g35cb38b222-1, 4.20.0-1ubuntu1, 0 |
| Ubuntu:20.04:LTS | xen | 0, 4.9.2-0ubuntu2, 4.9.2-0ubuntu6 |
Timeline
- Nov 23, 2021 CVE Published
- Nov 24, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 18, 2022 EPSS Score
- Mar 14, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 8, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Aug 27, 2022 EPSS Score
- Dec 15, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-28706 third-party-advisory
- https://xenbits.xen.org/xsa/advisory-385.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-28706 third-party-advisory