"value":"All systems using the Linux kernel based network backend xen-netback\nare vulnerable."
}
]
}
}
},
"credit":{
"credit_data":{
"description":{
"description_data":[
{
"lang":"eng",
"value":"This issue was discovered by Jürgen Groß of SUSE."
}
]
}
}
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"description":{
"description_data":[
{
"lang":"eng",
"value":"Guest can force Linux netback driver to hog large amounts of kernel memory\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nIncoming data packets for a guest in the Linux kernel's netback driver\nare buffered until the guest is ready to process them. There are some\nmeasures taken for avoiding to pile up too much data, but those can\nbe bypassed by the guest:\n\nThere is a timeout how long the client side of an interface can stop\nconsuming new packets before it is assumed to have stalled, but this\ntimeout is rather long (60 seconds by default). Using a UDP connection\non a fast interface can easily accumulate gigabytes of data in that\ntime. (CVE-2021-28715)\n\nThe timeout could even never trigger if the guest manages to have only\none free slot in its RX queue ring page and the next package would\nrequire more than one free slot, which may be the case when using GSO,\nXDP, or software hashing. (CVE-2021-28714)"
}
]
},
"impact":{
"impact_data":{
"description":{
"description_data":[
{
"lang":"eng",
"value":"The Linux kernel's xen-netback backend driver can be forced by guests\nto queue arbitrary amounts of network data, finally causing an out of\nmemory situation in the domain the backend is running in (usually dom0)."
"value":"Using another PV network backend (e.g. the qemu based \"qnic\" backend)\nwill mitigate the problem.\n\nUsing a dedicated network driver domain per guest will mitigate the\nproblem."
