CVE-2021-28701

Name
CVE-2021-28701
Description
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://xenbits.xenproject.org/xsa/advisory-384.txt
CONFIRM http://xenbits.xen.org/xsa/advisory-384.html
MLIST http://www.openwall.com/lists/oss-security/2021/09/08/2
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/
DEBIAN https://www.debian.org/security/2021/dsa-4977
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* xen >= 4.0.0 <= None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen 3.11-main 4.13.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.12-main 4.13.4-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.13-main 4.14.5-r7 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.14-main 4.15.4-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.15-main 4.15.5-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.19-main 4.18.2-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.18-main 4.17.4-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.17-main 4.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.16-main 4.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.20-main 4.18.2-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.18.2-r2 Natanael Copa <ncopa@alpinelinux.org> fixed