{ "id": "CVE-2021-28701", "sourceIdentifier": "security@xen.org", "published": "2021-09-08T14:15:08.547", "lastModified": "2022-10-28T16:20:05.017", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed." }, { "lang": "es", "value": "Otra carrera en el manejo de XENMAPSPACE_grant_table. A los hu\u00e9spedes se les permite el acceso a determinadas p\u00e1ginas de memoria propiedad de Xen. La mayor\u00eda de estas p\u00e1ginas permanecen asignadas / asociadas a un hu\u00e9sped durante toda su vida. Las p\u00e1ginas de estado de la tabla Grant v2, sin embargo, se desasignan cuando un hu\u00e9sped cambia (de nuevo) de v2 a v1. Una liberaci\u00f3n de dichas p\u00e1ginas requiere que el hipervisor haga cumplir que ninguna petici\u00f3n paralela pueda resultar en la adici\u00f3n de un mapeo de dicha p\u00e1gina a un hu\u00e9sped. Esta aplicaci\u00f3n no exist\u00eda, permitiendo a los hu\u00e9spedes mantener el acceso a p\u00e1ginas que fueron liberadas y quiz\u00e1s reutilizadas para otros fines. Desafortunadamente, cuando fue preparada la XSA-379, no se advirti\u00f3 este problema similar" } ],
"metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.1, "impactScore": 6.0 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.4 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-362" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.0", "matchCriteriaId": "3E095C1C-0DC6-4380-9333-477B13273E9E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194" }, { "vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2021/09/08/2", "source": "security@xen.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://xenbits.xen.org/xsa/advisory-384.html", "source": "security@xen.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3HEHUIUWSSMCQGQY3GWX4J2SZGYP5W2Z/", "source": "security@xen.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEHZLIR5DFYYQBH55AERWHLO54OFU42C/", "source": "security@xen.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4MI3MQAPGILCLXBGQWPZHGE3ALSO4ZU/", "source": "security@xen.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://security.gentoo.org/glsa/202208-23", "source": "security@xen.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2021/dsa-4977", "source": "security@xen.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://xenbits.xenproject.org/xsa/advisory-384.txt", "source": "security@xen.org", "tags": [ "Vendor Advisory" ] } ] }