{"api_version":"1","generated_at":"2026-04-23T11:34:40+00:00","cve":"CVE-2021-28715","urls":{"html":"https://cve.report/CVE-2021-28715","api":"https://cve.report/api/cve/CVE-2021-28715.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-28715","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-28715"},"summary":{"title":"CVE-2021-28715","description":"Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)","state":"PUBLIC","assigner":"security@xen.org","published_at":"2022-01-06 18:15:00","updated_at":"2023-08-08 14:22:00"},"problem_types":["CWE-770"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html","name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2941-1] linux-4.19 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html","name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2940-1] linux security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://xenbits.xenproject.org/xsa/advisory-392.txt","name":"https://xenbits.xenproject.org/xsa/advisory-392.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5050","name":"DSA-5050","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5050-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5096","name":"DSA-5096","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5096-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-28715","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28715","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Array","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"28715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"28715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"28715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"28715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-28715","qid":"179012","title":"Debian Security Update for linux (DSA 5050-1)"},{"cve":"CVE-2021-28715","qid":"179117","title":"Debian Security Update for linux (DSA 5096-1)"},{"cve":"CVE-2021-28715","qid":"179118","title":"Debian Security Update for linux (DLA 2940-1)"},{"cve":"CVE-2021-28715","qid":"179119","title":"Debian Security Update for linux-4.19 (DLA 2941-1)"},{"cve":"CVE-2021-28715","qid":"182176","title":"Debian Security Update for linux (CVE-2021-28715)"},{"cve":"CVE-2021-28715","qid":"198659","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5278-1)"},{"cve":"CVE-2021-28715","qid":"198678","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)"},{"cve":"CVE-2021-28715","qid":"198708","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5337-1)"},{"cve":"CVE-2021-28715","qid":"198709","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5338-1)"},{"cve":"CVE-2021-28715","qid":"198731","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5368-1)"},{"cve":"CVE-2021-28715","qid":"198740","title":"Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-5377-1)"},{"cve":"CVE-2021-28715","qid":"282190","title":"Fedora Security Update for kernel (FEDORA-2021-e6cbca1e9e)"},{"cve":"CVE-2021-28715","qid":"282191","title":"Fedora Security Update for kernel (FEDORA-2021-4f1a2cdf2e)"},{"cve":"CVE-2021-28715","qid":"353130","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-021"},{"cve":"CVE-2021-28715","qid":"353151","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-009"},{"cve":"CVE-2021-28715","qid":"353160","title":"Amazon Linux Security Advisory for kernel : ALAS2-2022-1749"},{"cve":"CVE-2021-28715","qid":"353161","title":"Amazon Linux Security Advisory for kernel : ALAS-2022-1563"},{"cve":"CVE-2021-28715","qid":"353242","title":"Amazon Linux Security Advisory for kernel : ALAC2012-2022-036"},{"cve":"CVE-2021-28715","qid":"353243","title":"Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037"},{"cve":"CVE-2021-28715","qid":"353244","title":"Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038"},{"cve":"CVE-2021-28715","qid":"354747","title":"Amazon Linux Security Advisory for kernel : ALAS-2023-1688"},{"cve":"CVE-2021-28715","qid":"376925","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)"},{"cve":"CVE-2021-28715","qid":"378918","title":"Citrix XenServer Security Updates (CTX335432)"},{"cve":"CVE-2021-28715","qid":"6140240","title":"AWS Bottlerocket Security Update for kernel (GHSA-g455-4qrw-xr6m)"},{"cve":"CVE-2021-28715","qid":"671505","title":"EulerOS Security Update for kernel (EulerOS-SA-2022-1489)"},{"cve":"CVE-2021-28715","qid":"751590","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0056-1)"},{"cve":"CVE-2021-28715","qid":"751600","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0068-1)"},{"cve":"CVE-2021-28715","qid":"751602","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0080-1)"},{"cve":"CVE-2021-28715","qid":"751622","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0131-1)"},{"cve":"CVE-2021-28715","qid":"751654","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0197-1)"},{"cve":"CVE-2021-28715","qid":"751695","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0367-1)"},{"cve":"CVE-2021-28715","qid":"751697","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)"},{"cve":"CVE-2021-28715","qid":"751698","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0362-1)"},{"cve":"CVE-2021-28715","qid":"751701","title":"OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)"},{"cve":"CVE-2021-28715","qid":"751702","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0371-1)"},{"cve":"CVE-2021-28715","qid":"751989","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0131-1)"},{"cve":"CVE-2021-28715","qid":"753133","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0181-1)"},{"cve":"CVE-2021-28715","qid":"753264","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0079-1)"},{"cve":"CVE-2021-28715","qid":"753355","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0056-1)"},{"cve":"CVE-2021-28715","qid":"900520","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (7166)"},{"cve":"CVE-2021-28715","qid":"906182","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (7166-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@xen.org","ID":"CVE-2021-28715","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Linux","version":{"version_data":[{"version_affected":"?","version_value":"consult Xen advisory XSA-392"}]}}]},"vendor_name":"Linux"}]}},"configuration":{"configuration_data":{"description":{"description_data":[{"lang":"eng","value":"All systems using the Linux kernel based network backend xen-netback\nare vulnerable."}]}}},"credit":{"credit_data":{"description":{"description_data":[{"lang":"eng","value":"This issue was discovered by  Jürgen Groß of SUSE."}]}}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)"}]},"impact":{"impact_data":{"description":{"description_data":[{"lang":"eng","value":"The Linux kernel's xen-netback backend driver can be forced by guests\nto queue arbitrary amounts of network data, finally causing an out of\nmemory situation in the domain the backend is running in (usually dom0)."}]}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unknown"}]}]},"references":{"reference_data":[{"url":"https://xenbits.xenproject.org/xsa/advisory-392.txt","refsource":"MISC","name":"https://xenbits.xenproject.org/xsa/advisory-392.txt"},{"refsource":"DEBIAN","name":"DSA-5050","url":"https://www.debian.org/security/2022/dsa-5050"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"},{"refsource":"DEBIAN","name":"DSA-5096","url":"https://www.debian.org/security/2022/dsa-5096"}]},"workaround":{"workaround_data":{"description":{"description_data":[{"lang":"eng","value":"Using another PV network backend (e.g. the qemu based \"qnic\" backend)\nwill mitigate the problem.\n\nUsing a dedicated network driver domain per guest will mitigate the\nproblem."}]}}}},"nvd":{"publishedDate":"2022-01-06 18:15:00","lastModifiedDate":"2023-08-08 14:22:00","problem_types":["CWE-770"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"28715","Ordinal":"203891","Title":"CVE-2021-28715","CVE":"CVE-2021-28715","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"28715","Ordinal":"1","NoteData":"Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)","Type":"Description","Title":null},{"CveYear":"2021","CveId":"28715","Ordinal":"2","NoteData":"2022-01-06","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"28715","Ordinal":"3","NoteData":"2022-01-21","Type":"Other","Title":"Modified"}]}}}