admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-24 01:01:08 +00:00
parent e4b6deb8c6
commit 2e111e7fb1
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
4 changed files with 558 additions and 546 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

271
2021/28xxx/CVE-2021-28704.json
View File

@ -1,136 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28704"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "xen-unstable"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "4.12.x"
},
{
"version_affected" : "!>",
"version_value" : "4.14.x"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.15.x"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "xen-unstable"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "4.12.x"
},
{
"version_affected": "!>",
"version_value": "4.14.x"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.15.x"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from 4.7 onwards are affected. Xen versions 4.6 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests started in populate-on-demand mode can\nleverage the vulnerability. Populate-on-demand mode is activated\nwhen the guest's xl configuration file specifies a \"maxmem\" value which\nis larger than the \"memory\" value."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from 4.7 onwards are affected. Xen versions 4.6 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests started in populate-on-demand mode can\nleverage the vulnerability. Populate-on-demand mode is activated\nwhen the guest's xl configuration file specifies a \"maxmem\" value which\nis larger than the \"memory\" value."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PoD operations on misaligned GFNs\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nx86 HVM and PVH guests may be started in populate-on-demand (PoD) mode,\nto provide a way for them to later easily have more memory assigned.\n\nGuests are permitted to control certain P2M aspects of individual\npages via hypercalls. These hypercalls may act on ranges of pages\nspecified via page orders (resulting in a power-of-2 number of pages).\nThe implementation of some of these hypercalls for PoD does not\nenforce the base page frame number to be suitably aligned for the\nspecified order, yet some code involved in PoD handling actually makes\nsuch an assumption.\n\nThese operations are XENMEM_decrease_reservation (CVE-2021-28704) and\nXENMEM_populate_physmap (CVE-2021-28707), the latter usable only by\ndomains controlling the guest, i.e. a de-privileged qemu or a stub\ndomain. (Patch 1, combining the fix to both these two issues.)\n\nIn addition handling of XENMEM_decrease_reservation can also trigger a\nhost crash when the specified page order is neither 4k nor 2M nor 1G\n(CVE-2021-28708, patch 2)."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-388.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not starting x86 HVM or PVH guests in populate-on-demand mode will avoid\nthe vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2)."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-388.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-388.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not starting x86 HVM or PVH guests in populate-on-demand mode will avoid\nthe vulnerability."
}
]
}
}
}
}

291
2021/28xxx/CVE-2021-28706.json
View File

@ -1,146 +1,149 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28706"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.12.x"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "4.14.x"
},
{
"version_affected" : "!>",
"version_value" : "4.15.x"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "xen-unstable"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.13.x"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.12.x"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "4.14.x"
},
{
"version_affected": "!>",
"version_value": "4.15.x"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "xen-unstable"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.13.x"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from at least 3.2 onwards are affected.\n\nOn x86, only Xen builds with the BIGMEM configuration option enabled are\naffected. (This option is off by default.)\n\nOnly hosts with more than 16 TiB of memory are affected."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from at least 3.2 onwards are affected.\n\nOn x86, only Xen builds with the BIGMEM configuration option enabled are\naffected. (This option is off by default.)\n\nOnly hosts with more than 16 TiB of memory are affected."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Julien Grall of Amazon."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "guests may exceed their designated memory limit\n\nWhen a guest is permitted to have close to 16TiB of memory, it may be\nable to issue hypercalls to increase its memory allocation beyond the\nadministrator established limit. This is a result of a calculation\ndone with 32-bit precision, which may overflow. It would then only\nbe the overflowed (and hence small) number which gets compared against\nthe established upper bound."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A guest may be able too allocate unbounded amounts of memory to itself.\nThis may result in a Denial of Service (DoS) affecting the entire host."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-385.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Setting the maximum amount of memory a guest may allocate to strictly\nless than 1023 GiB will avoid the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Julien Grall of Amazon."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A guest may be able too allocate unbounded amounts of memory to itself.\nThis may result in a Denial of Service (DoS) affecting the entire host."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-385.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-385.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Setting the maximum amount of memory a guest may allocate to strictly\nless than 1023 GiB will avoid the vulnerability."
}
]
}
}
}
}

271
2021/28xxx/CVE-2021-28707.json
View File

@ -1,136 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28707"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "xen-unstable"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "4.12.x"
},
{
"version_affected" : "!>",
"version_value" : "4.14.x"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.15.x"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "xen-unstable"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "4.12.x"
},
{
"version_affected": "!>",
"version_value": "4.14.x"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.15.x"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from 4.7 onwards are affected. Xen versions 4.6 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests started in populate-on-demand mode can\nleverage the vulnerability. Populate-on-demand mode is activated\nwhen the guest's xl configuration file specifies a \"maxmem\" value which\nis larger than the \"memory\" value."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from 4.7 onwards are affected. Xen versions 4.6 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests started in populate-on-demand mode can\nleverage the vulnerability. Populate-on-demand mode is activated\nwhen the guest's xl configuration file specifies a \"maxmem\" value which\nis larger than the \"memory\" value."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PoD operations on misaligned GFNs\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nx86 HVM and PVH guests may be started in populate-on-demand (PoD) mode,\nto provide a way for them to later easily have more memory assigned.\n\nGuests are permitted to control certain P2M aspects of individual\npages via hypercalls. These hypercalls may act on ranges of pages\nspecified via page orders (resulting in a power-of-2 number of pages).\nThe implementation of some of these hypercalls for PoD does not\nenforce the base page frame number to be suitably aligned for the\nspecified order, yet some code involved in PoD handling actually makes\nsuch an assumption.\n\nThese operations are XENMEM_decrease_reservation (CVE-2021-28704) and\nXENMEM_populate_physmap (CVE-2021-28707), the latter usable only by\ndomains controlling the guest, i.e. a de-privileged qemu or a stub\ndomain. (Patch 1, combining the fix to both these two issues.)\n\nIn addition handling of XENMEM_decrease_reservation can also trigger a\nhost crash when the specified page order is neither 4k nor 2M nor 1G\n(CVE-2021-28708, patch 2)."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-388.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not starting x86 HVM or PVH guests in populate-on-demand mode will avoid\nthe vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2)."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-388.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-388.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not starting x86 HVM or PVH guests in populate-on-demand mode will avoid\nthe vulnerability."
}
]
}
}
}
}

271
2021/28xxx/CVE-2021-28708.json
View File

@ -1,136 +1,139 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2021-28708"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "xen-unstable"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?<",
"version_value" : "4.12"
},
{
"version_affected" : ">=",
"version_value" : "4.12.x"
},
{
"version_affected" : "!>",
"version_value" : "4.14.x"
}
]
}
},
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_value" : "4.15.x"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "xen-unstable"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "4.12.x"
},
{
"version_affected": "!>",
"version_value": "4.14.x"
}
]
}
},
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_value": "4.15.x"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from 4.7 onwards are affected. Xen versions 4.6 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests started in populate-on-demand mode can\nleverage the vulnerability. Populate-on-demand mode is activated\nwhen the guest's xl configuration file specifies a \"maxmem\" value which\nis larger than the \"memory\" value."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from 4.7 onwards are affected. Xen versions 4.6 and\nolder are not affected.\n\nOnly x86 HVM and PVH guests started in populate-on-demand mode can\nleverage the vulnerability. Populate-on-demand mode is activated\nwhen the guest's xl configuration file specifies a \"maxmem\" value which\nis larger than the \"memory\" value."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PoD operations on misaligned GFNs\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nx86 HVM and PVH guests may be started in populate-on-demand (PoD) mode,\nto provide a way for them to later easily have more memory assigned.\n\nGuests are permitted to control certain P2M aspects of individual\npages via hypercalls. These hypercalls may act on ranges of pages\nspecified via page orders (resulting in a power-of-2 number of pages).\nThe implementation of some of these hypercalls for PoD does not\nenforce the base page frame number to be suitably aligned for the\nspecified order, yet some code involved in PoD handling actually makes\nsuch an assumption.\n\nThese operations are XENMEM_decrease_reservation (CVE-2021-28704) and\nXENMEM_populate_physmap (CVE-2021-28707), the latter usable only by\ndomains controlling the guest, i.e. a de-privileged qemu or a stub\ndomain. (Patch 1, combining the fix to both these two issues.)\n\nIn addition handling of XENMEM_decrease_reservation can also trigger a\nhost crash when the specified page order is neither 4k nor 2M nor 1G\n(CVE-2021-28708, patch 2)."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-388.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not starting x86 HVM or PVH guests in populate-on-demand mode will avoid\nthe vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. (Patch 1, combining the fix to both these two issues.) In addition handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2)."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Malicious or buggy guest kernels may be able to mount a Denial of\nService (DoS) attack affecting the entire system. Privilege escalation\nand information leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-388.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-388.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not starting x86 HVM or PVH guests in populate-on-demand mode will avoid\nthe vulnerability."
}
]
}
}
}
}