First published: Fri Aug 27 2021
Inadequate grant-v2 status frames array bounds check

The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.
Credit: security@xen.org
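The bounds mismatch described above, reduced to a simplified C model (an added example, not Xen's code and not taken from the advisory). `store_status_frames`, `XLAT_CAPACITY`, `AREA_WORDS` and the frame values are constructed for illustration; the model compares a check that allows 8 times the stated capacity with one that enforces the capacity itself, and counts the words overwritten past the array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define XLAT_CAPACITY 4    /* constructed: frame slots the translation space offers */
#define AREA_WORDS    64   /* constructed: those slots plus the data that follows */
#define GUARD 0xA5A5A5A5A5A5A5A5ULL

enum check { CHECK_FLAWED, CHECK_FIXED };

/*
 * Model of a core function storing status frame numbers into an array whose
 * capacity the translation layer has stated. Returns -1 if the request is
 * rejected, otherwise the number of words written beyond that capacity
 * (0 means every write stayed in bounds).
 */
static int store_status_frames(size_t capacity, size_t nr_frames, enum check mode)
{
    uint64_t area[AREA_WORDS];
    size_t limit, i;
    int clobbered = 0;

    if (capacity > AREA_WORDS / 8)      /* keeps the model itself memory safe */
        return -1;
    for (i = 0; i < AREA_WORDS; i++)
        area[i] = GUARD;

    /* Flawed: bound is 8x the stated capacity. Fixed (in this model): the capacity. */
    limit = (mode == CHECK_FLAWED) ? capacity * 8 : capacity;
    if (nr_frames > limit)
        return -1;

    for (i = 0; i < nr_frames; i++)
        area[i] = 0x1000 + i;           /* constructed frame numbers */

    for (i = capacity; i < AREA_WORDS; i++)
        if (area[i] != GUARD)
            clobbered++;
    return clobbered;
}

int main(void)
{
    printf("flawed: %d\n", store_status_frames(XLAT_CAPACITY, 20, CHECK_FLAWED));
    printf("fixed:  %d\n", store_status_frames(XLAT_CAPACITY, 20, CHECK_FIXED));
    return 0;
}
```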
Affected Software | Affected Version | How to fix |
---|---|---|
Xen Xen | >=4.10.0 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
Debian Debian Linux | =11.0 | |
debian/xen | <=4.11.4+107-gef32c7afa2-1 | 4.14.6-1, 4.14.5+94-ge49571868d-1, 4.17.1+2-gb773c48e36-1, 4.17.2+55-g0b56bed864-1 |
CVE-2021-28699 is a vulnerability that involves an inadequate grant-v2 status frames array bounds check in Xen.
CVE-2021-28699 has a severity rating of 5.5 (medium).
CVE-2021-28699 can allow a guest to cause a host denial of service or potentially execute arbitrary code.
Xen versions up to and including 4.11.4+107-gef32c7afa2-1, as well as Debian 11.0, Fedora 33, Fedora 34, and Fedora 35, are affected by CVE-2021-28699.
To fix CVE-2021-28699, you should update to Xen version 4.14.6-1 or later, or apply the appropriate updates provided by your Linux distribution.