6.5
CVE-2021-28038
- EPSS 0.13%
- Published 05.03.2021 18:15:13
- Last modified 21.11.2024 05:59:01
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.39 < 4.4.260
Linux ≫ Linux Kernel Version >= 4.5.0 < 4.9.260
Linux ≫ Linux Kernel Version >= 4.10.0 < 4.14.224
Linux ≫ Linux Kernel Version >= 4.15.0 < 4.19.179
Linux ≫ Linux Kernel Version >= 4.20.0 < 5.4.103
Linux ≫ Linux Kernel Version >= 5.10.0 < 5.10.21
Linux ≫ Linux Kernel Version >= 5.11.0 < 5.11.4
Linux ≫ Linux Kernel Version5.12 Updaterc1
Linux ≫ Linux Kernel Version5.12 Updaterc2
Debian ≫ Debian Linux Version9.0
Netapp ≫ Cloud Backup Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.334 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2 | 4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.