{"api_version":"1","generated_at":"2026-05-13T07:41:01+00:00","cve":"CVE-2021-26930","urls":{"html":"https://cve.report/CVE-2021-26930","api":"https://cve.report/api/cve/CVE-2021-26930.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-26930","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-26930"},"summary":{"title":"CVE-2021-26930","description":"An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-02-17 01:15:00","updated_at":"2023-11-07 03:31:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/","name":"FEDORA-2021-7143aca8cb","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: kernel-5.10.18-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://xenbits.xen.org/xsa/advisory-365.html","name":"http://xenbits.xen.org/xsa/advisory-365.html","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"XSA-365 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html","name":"[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2586-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html","name":"[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2610-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20210326-0001/","name":"https://security.netapp.com/advisory/ntap-20210326-0001/","refsource":"CONFIRM","tags":[],"title":"February 2021 Linux Kernel Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/","name":"FEDORA-2021-8d45d297c6","refsource":"FEDORA","tags":["Mailing List","Patch","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: kernel-5.10.18-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/","name":"FEDORA-2021-8d45d297c6","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: kernel-5.10.18-100.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/","name":"FEDORA-2021-7143aca8cb","refsource":"FEDORA","tags":["Mailing List","Patch","Third Party Advisory"],"title":"[SECURITY] Fedora 33 Update: kernel-5.10.18-200.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-26930","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26930","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"26930","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26930","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26930","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26930","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26930","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"26930","vulnerable":"1","versionEndIncluding":"5.10.16","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-26930","qid":"159132","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9135)"},{"cve":"CVE-2021-26930","qid":"159133","title":"Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9136)"},{"cve":"CVE-2021-26930","qid":"174764","title":"SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0738-1)"},{"cve":"CVE-2021-26930","qid":"174768","title":"SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0735-1)"},{"cve":"CVE-2021-26930","qid":"174770","title":"SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0741-1)"},{"cve":"CVE-2021-26930","qid":"174772","title":"SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0737-1)"},{"cve":"CVE-2021-26930","qid":"174774","title":"SUSE Enterprise Linux Security update for the Linux Kernel (SUSE-SU-2021:0740-1)"},{"cve":"CVE-2021-26930","qid":"174897","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1175-1)"},{"cve":"CVE-2021-26930","qid":"174916","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:1210-1)"},{"cve":"CVE-2021-26930","qid":"174950","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 21 for SLE 15) (SUSE-SU-2021:1344-1)"},{"cve":"CVE-2021-26930","qid":"174954","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (SUSE-SU-2021:1373-1)"},{"cve":"CVE-2021-26930","qid":"174955","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 17 for SLE 15 SP1) (SUSE-SU-2021:1365-1)"},{"cve":"CVE-2021-26930","qid":"178507","title":"Debian Security Update for linux-4.19 (DLA 2610-1)"},{"cve":"CVE-2021-26930","qid":"178679","title":"Debian Security Update for linux-4.19 (DLA 2690-1)"},{"cve":"CVE-2021-26930","qid":"178680","title":"Debian Security Update for linux (DLA 2689-1)"},{"cve":"CVE-2021-26930","qid":"179554","title":"Debian Security Update for linux (CVE-2021-26930)"},{"cve":"CVE-2021-26930","qid":"198323","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4904-1)"},{"cve":"CVE-2021-26930","qid":"198325","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4909-1)"},{"cve":"CVE-2021-26930","qid":"198366","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4949-1)"},{"cve":"CVE-2021-26930","qid":"198371","title":"Ubuntu Security Notification for Linux kernel vulnerabilities (USN-4946-1)"},{"cve":"CVE-2021-26930","qid":"352244","title":"Amazon Linux Security Advisory for kernel: ALAS-2021-1487"},{"cve":"CVE-2021-26930","qid":"352254","title":"Amazon Linux Security Advisory for kernel: ALAS2-2021-1616"},{"cve":"CVE-2021-26930","qid":"353100","title":"Amazon Linux Security Advisory for kernel : ALAC2012-2021-024"},{"cve":"CVE-2021-26930","qid":"353101","title":"Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-025"},{"cve":"CVE-2021-26930","qid":"353102","title":"Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-026"},{"cve":"CVE-2021-26930","qid":"353150","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-001"},{"cve":"CVE-2021-26930","qid":"379053","title":"Citrix XenServer Security Updates (CTX296603)"},{"cve":"CVE-2021-26930","qid":"6140400","title":"AWS Bottlerocket Security Update for kernel (GHSA-h45x-5xwm-6f63)"},{"cve":"CVE-2021-26930","qid":"671723","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1780)"},{"cve":"CVE-2021-26930","qid":"750324","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:0393-1)"},{"cve":"CVE-2021-26930","qid":"900098","title":"CBL-Mariner Linux Security Update for kernel 5.4.91"},{"cve":"CVE-2021-26930","qid":"902833","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3895)"},{"cve":"CVE-2021-26930","qid":"905804","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (3895-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-26930","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://xenbits.xen.org/xsa/advisory-365.html","refsource":"MISC","name":"http://xenbits.xen.org/xsa/advisory-365.html"},{"refsource":"FEDORA","name":"FEDORA-2021-8d45d297c6","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/"},{"refsource":"FEDORA","name":"FEDORA-2021-7143aca8cb","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210326-0001/","url":"https://security.netapp.com/advisory/ntap-20210326-0001/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210330 [SECURITY] [DLA 2610-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"}]}},"nvd":{"publishedDate":"2021-02-17 01:15:00","lastModifiedDate":"2023-11-07 03:31:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndIncluding":"5.10.16","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"26930","Ordinal":"202012","Title":"CVE-2021-26930","CVE":"CVE-2021-26930","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"26930","Ordinal":"1","NoteData":"An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"26930","Ordinal":"2","NoteData":"2021-02-16","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"26930","Ordinal":"3","NoteData":"2021-03-30","Type":"Other","Title":"Modified"}]}}}