CVE-2021-28701

CVE	CVE-2021-28701
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-09-08 14:15:00 UTC
Updated	2023-11-07 03:32:00 UTC
Description	Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.

Problem Types: CWE-362

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Xen	Xen	All	All	All	All

Reference	Source	Link	Tags
XSA-384 - Xen Security Advisories	CONFIRM	xenbits.xen.org
xenbits.xenproject.org/xsa/advisory-384.txt	MISC	xenbits.xenproject.org
[SECURITY] Fedora 34 Update: xen-4.14.2-4.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 33 Update: xen-4.14.2-4.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Xen: Multiple Vulnerabilities (GLSA 202208-23) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] Fedora 35 Update: xen-4.15.0-7.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Debian -- Security Information -- DSA-4977-1 xen	DEBIAN	www.debian.org
oss-security - Xen Security Advisory 384 v3 (CVE-2021-28701) - Another race in XENMAPSPACE_grant_table handling	MLIST	www.openwall.com
[SECURITY] Fedora 35 Update: xen-4.15.0-7.fc35 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 34 Update: xen-4.14.2-4.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 33 Update: xen-4.14.2-4.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

LEGACY: Array

178798 Debian Security Update for xen (DSA 4977-1)
184978 Debian Security Update for xen (CVE-2021-28701)
281909 Fedora Security Update for xen (FEDORA-2021-11577e5229)
281917 Fedora Security Update for xen (FEDORA-2021-fed53cbc7d)
379051 Citrix XenServer Security Updates (CTX325319)
390249 Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2021-0033)
500802 Alpine Linux Security Update for xen
501520 Alpine Linux Security Update for xen
501798 Alpine Linux Security Update for xen
504545 Alpine Linux Security Update for xen
710600 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202208-23)
751151 OpenSUSE Security Update for xen (openSUSE-SU-2021:3140-1)
751154 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3181-1)
751158 OpenSUSE Security Update for xen (openSUSE-SU-2021:1301-1)
751165 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3213-1)
751417 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3842-1)
751422 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3849-1)
751477 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3977-1)