CVE-2021-28038

Name
CVE-2021-28038
Description
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch http://xenbits.xen.org/xsa/advisory-367.html
Mailing List http://www.openwall.com/lists/oss-security/2021/03/05/1
Mailing List https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
MLIST https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
CONFIRM https://security.netapp.com/advisory/ntap-20210409-0001/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None <= 5.11.3
cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:* xen == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status