5.5

CVE-2021-26932

EPSS 0.19%
Published 17.02.2021 02:15:13
Last modified 21.11.2024 05:57:04
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.

Affected products Warnungen 0 Metrics 3 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.2 <= 5.10.16

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Debian ≫ Debian Linux Version9.0

Netapp ≫ Cloud Backup Version-

Netapp ≫ Solidfire, Enterprise Sds & Hci Storage Node Version-

Netapp ≫ Solidfire & Hci Management Node Version-

Netapp ≫ Hci Compute Node Version-

Netapp ≫ Hci H410c Firmware Version-

Netapp ≫ Hci H410c Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.407

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:N/A:P

https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/

https://security.netapp.com/advisory/ntap-20210326-0001/

Third Party Advisory

http://xenbits.xen.org/xsa/advisory-361.html

Patch

Third Party Advisory

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ebee0eab08594b2bd5db716288a4f1ae5936e9bc

https://nvd.nist.gov/vuln/detail/CVE-2021-26932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-26932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-26932

EUVD