{"api_version":"1","generated_at":"2026-04-23T02:58:09+00:00","cve":"CVE-2021-28706","urls":{"html":"https://cve.report/CVE-2021-28706","api":"https://cve.report/api/cve/CVE-2021-28706.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-28706","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-28706"},"summary":{"title":"CVE-2021-28706","description":"guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.","state":"PUBLIC","assigner":"security@xen.org","published_at":"2021-11-24 01:15:00","updated_at":"2024-02-04 08:15:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202402-07","name":"GLSA-202402-07","refsource":"","tags":[],"title":"Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/","name":"FEDORA-2021-03645e9807","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: xen-4.15.1-4.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/","name":"FEDORA-2021-03645e9807","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: xen-4.15.1-4.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/","name":"FEDORA-2021-2b3a2de94f","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.3-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2021/dsa-5017","name":"DSA-5017","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5017-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/","name":"FEDORA-2021-2b3a2de94f","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.3-3.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://xenbits.xenproject.org/xsa/advisory-385.txt","name":"https://xenbits.xenproject.org/xsa/advisory-385.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-28706","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28706","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Array","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"28706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"28706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"28706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"28706","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-28706","qid":"178928","title":"Debian Security Update for xen (DSA 5017-1)"},{"cve":"CVE-2021-28706","qid":"184152","title":"Debian Security Update for xen (CVE-2021-28706)"},{"cve":"CVE-2021-28706","qid":"282100","title":"Fedora Security Update for xen (FEDORA-2021-2b3a2de94f)"},{"cve":"CVE-2021-28706","qid":"282136","title":"Fedora Security Update for xen (FEDORA-2021-03645e9807)"},{"cve":"CVE-2021-28706","qid":"390253","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2022-0004)"},{"cve":"CVE-2021-28706","qid":"390255","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2022-0003)"},{"cve":"CVE-2021-28706","qid":"500805","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2021-28706","qid":"500806","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2021-28706","qid":"501523","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2021-28706","qid":"501801","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2021-28706","qid":"710858","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)"},{"cve":"CVE-2021-28706","qid":"751411","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3852-1)"},{"cve":"CVE-2021-28706","qid":"751414","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3851-1)"},{"cve":"CVE-2021-28706","qid":"751417","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3842-1)"},{"cve":"CVE-2021-28706","qid":"751422","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3849-1)"},{"cve":"CVE-2021-28706","qid":"751454","title":"OpenSUSE Security Update for xen (openSUSE-SU-2021:1543-1)"},{"cve":"CVE-2021-28706","qid":"751474","title":"OpenSUSE Security Update for xen (openSUSE-SU-2021:3968-1)"},{"cve":"CVE-2021-28706","qid":"751477","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:3977-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@xen.org","ID":"CVE-2021-28706","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"xen","version":{"version_data":[{"version_value":"4.12.x"}]}},{"product_name":"xen","version":{"version_data":[{"version_affected":"?<","version_value":"4.12"},{"version_affected":">=","version_value":"4.14.x"},{"version_affected":"!>","version_value":"4.15.x"}]}},{"product_name":"xen","version":{"version_data":[{"version_value":"xen-unstable"}]}},{"product_name":"xen","version":{"version_data":[{"version_value":"4.13.x"}]}}]},"vendor_name":"Xen"}]}},"configuration":{"configuration_data":{"description":{"description_data":[{"lang":"eng","value":"All Xen versions from at least 3.2 onwards are affected.\n\nOn x86, only Xen builds with the BIGMEM configuration option enabled are\naffected.  (This option is off by default.)\n\nOnly hosts with more than 16 TiB of memory are affected."}]}}},"credit":{"credit_data":{"description":{"description_data":[{"lang":"eng","value":"This issue was discovered by Julien Grall of Amazon."}]}}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound."}]},"impact":{"impact_data":{"description":{"description_data":[{"lang":"eng","value":"A guest may be able too allocate unbounded amounts of memory to itself.\nThis may result in a Denial of Service (DoS) affecting the entire host."}]}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unknown"}]}]},"references":{"reference_data":[{"url":"https://xenbits.xenproject.org/xsa/advisory-385.txt","refsource":"MISC","name":"https://xenbits.xenproject.org/xsa/advisory-385.txt"},{"refsource":"FEDORA","name":"FEDORA-2021-03645e9807","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/"},{"refsource":"DEBIAN","name":"DSA-5017","url":"https://www.debian.org/security/2021/dsa-5017"},{"refsource":"FEDORA","name":"FEDORA-2021-2b3a2de94f","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/"}]},"workaround":{"workaround_data":{"description":{"description_data":[{"lang":"eng","value":"Setting the maximum amount of memory a guest may allocate to strictly\nless than 1023 GiB will avoid the vulnerability."}]}}}},"nvd":{"publishedDate":"2021-11-24 01:15:00","lastModifiedDate":"2024-02-04 08:15:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2","versionEndExcluding":"4.12","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"28706","Ordinal":"203882","Title":"CVE-2021-28706","CVE":"CVE-2021-28706","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"28706","Ordinal":"1","NoteData":"guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"28706","Ordinal":"2","NoteData":"2021-11-23","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"28706","Ordinal":"3","NoteData":"2021-12-08","Type":"Other","Title":"Modified"}]}}}