CVE-2021-28707
Summary
| CVE | CVE-2021-28707 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-24 01:15:00 UTC |
| Updated | 2024-02-04 08:15:00 UTC |
| Description | PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2). |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Xen | Xen | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security | security.gentoo.org | ||
| [SECURITY] Fedora 35 Update: xen-4.15.1-4.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 35 Update: xen-4.15.1-4.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: xen-4.14.3-3.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5017-1 xen | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 34 Update: xen-4.14.3-3.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| xenbits.xenproject.org/xsa/advisory-388.txt | MISC | xenbits.xenproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Array
Legacy QID Mappings
- 178928 Debian Security Update for xen (DSA 5017-1)
- 183936 Debian Security Update for xen (CVE-2021-28707)
- 282100 Fedora Security Update for xen (FEDORA-2021-2b3a2de94f)
- 282136 Fedora Security Update for xen (FEDORA-2021-03645e9807)
- 500805 Alpine Linux Security Update for xen
- 501522 Alpine Linux Security Update for xen
- 501800 Alpine Linux Security Update for xen
- 504547 Alpine Linux Security Update for xen
- 710858 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)
- 751411 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3852-1)
- 751414 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3851-1)
- 751417 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3842-1)
- 751422 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3849-1)
- 751454 OpenSUSE Security Update for xen (openSUSE-SU-2021:1543-1)
- 751474 OpenSUSE Security Update for xen (openSUSE-SU-2021:3968-1)
- 751477 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3977-1)