Vulnerability Details : CVE-2021-28038
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
Vulnerability category: Denial of service
Products affected by CVE-2021-28038
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.12:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.12:rc2:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-28038
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-28038
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
2.0
|
4.0
|
NIST |
CWE ids for CVE-2021-28038
-
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-28038
-
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
[SECURITY] [DLA 2586-1] linux security updateMailing List;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20210409-0001/
March 2021 Linux Kernel 5.11.3 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3
xen-netback: respect gnttab_map_refs()'s return value - kernel/git/torvalds/linux.git - Linux kernel source tree
-
http://www.openwall.com/lists/oss-security/2021/03/05/1
oss-security - Xen Security Advisory 367 v2 (CVE-2021-28038) - Linux: netback fails to honor grant mapping errorsMailing List;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
[SECURITY] [DLA 2610-1] linux-4.19 security updateThird Party Advisory
-
http://xenbits.xen.org/xsa/advisory-367.html
XSA-367 - Xen Security AdvisoriesPatch;Vendor Advisory
Jump to