CVE-2021-28038

Name
CVE-2021-28038
Description
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
NVD Severity
unknown

References

Type URI
Patch http://xenbits.xen.org/xsa/advisory-367.html
Mailing List http://www.openwall.com/lists/oss-security/2021/03/05/1
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
MLIST https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
CONFIRM https://security.netapp.com/advisory/ntap-20210409-0001/
cve@mitre.org https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.11.3
cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:* xen == None == -
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 2.6.39 < 4.4.260
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.5.0 < 4.9.260
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.10.0 < 4.14.224
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.15.0 < 4.19.179
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 4.20.0 < 5.4.103
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.10.0 < 5.10.21
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 5.11.0 < 5.11.4
cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:* linux_kernel == None == 5.12

Vulnerable and fixed packages

Source package Branch Version Maintainer Status