mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
149 lines
5.4 KiB
JSON
149 lines
5.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@xen.org",
|
|
"ID": "CVE-2021-28700",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "xen",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "4.12.x"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "xen",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?<",
|
|
"version_value": "4.12"
|
|
},
|
|
{
|
|
"version_affected": ">=",
|
|
"version_value": "4.13.x"
|
|
},
|
|
{
|
|
"version_affected": "!>",
|
|
"version_value": "xen-unstable"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Xen"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration": {
|
|
"configuration_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Only Arm systems are vulnerable. Only domains created using the\ndom0less feature are affected.\n\nOnly domains created using the dom0less feature can leverage the\nvulnerability.\n\nAll versions of Xen since 4.12 are vulnerable."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"credit": {
|
|
"credit_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This issue was discovered by Julien Grall of Amazon."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"impact_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Malicious dom0less guest could drive Xen out of memory and may\nresult to a Denial of Service (DoS) attack affecting the entire\nsystem."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "unknown"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://xenbits.xenproject.org/xsa/advisory-383.txt",
|
|
"refsource": "MISC",
|
|
"name": "https://xenbits.xenproject.org/xsa/advisory-383.txt"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-4f129cc0c1",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ/"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-d68ed12e46",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4977",
|
|
"url": "https://www.debian.org/security/2021/dsa-4977"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-081f9bf5d2",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID/"
|
|
}
|
|
]
|
|
},
|
|
"workaround": {
|
|
"workaround_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "There is no known mitigation."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
} |