VDB
DEBIAN-CVE-2021-28706
DEBIAN-CVE-2021-28706
PUBLISHED
CVSS 8.600000381469727 HIGH
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | xen | 0, 0, 0 |
| Debian:13 | xen | 0, 0, 0 |
| Debian:14 | xen | 0, 0, 0 |
| Debian:11 | xen | 0, 4.14.2+25-gb6a8c4f72d-2, 4.14.3-1 |
Timeline
- Nov 24, 2021 CVE Published
- Apr 28, 2026 CVE Updated