CVE-2021-28709
First published: Wed Nov 24 2021(Updated: )
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)
Credit: security@xen.org security@xen.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/xen | <=4.11.4+107-gef32c7afa2-1 | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.1+2-gb773c48e36-1 4.17.2+55-g0b56bed864-1 |
| Xen XAPI | >=3.4.0<=4.12.4 | |
| Xen XAPI | >=4.13.0<=4.13.4 | |
| Xen XAPI | >=4.14.0<=4.14.3 | |
| Xen XAPI | =4.15.0 | |
| Xen XAPI | =4.15.1 | |
| Fedora | =34 | |
| Fedora | =35 | |
| Debian | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://xenbits.xen.org/xsa/advisory-389.html
- https://security-tracker.debian.org/tracker/CVE-2021-28709
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/
- https://www.debian.org/security/2021/dsa-5017
- https://xenbits.xenproject.org/xsa/advisory-389.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXUI4VMD52CH3T7YXAG3J2JW7ZNN3SXF/
- https://security.gentoo.org/glsa/202402-07
Frequently Asked Questions
What is the severity of CVE-2021-28709?
CVE-2021-28709 is classified as a medium severity vulnerability affecting certain versions of Xen.
How do I fix CVE-2021-28709?
To fix CVE-2021-28709, update your Xen package to a version that is not affected by this vulnerability.
Which software versions are affected by CVE-2021-28709?
CVE-2021-28709 affects multiple versions of Xen, including but not limited to versions between 4.11.4 and 4.14.3.
What impact does CVE-2021-28709 have on system security?
CVE-2021-28709 can lead to potential exploitation through partially successful P2M updates, posing risks to the stability of x86 HVM and PVH guests.
Are there any known workarounds for CVE-2021-28709?
Currently, the recommended approach is to update to a patched version, as there are no reported workarounds for CVE-2021-28709.
- collector/security-tracker-debian
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/xen
- canonical/xen xapi
- version/xen xapi/3.4.0
- version/xen xapi/4.12.4
- version/xen xapi/4.13.0
- version/xen xapi/4.13.4
- version/xen xapi/4.14.0
- version/xen xapi/4.14.3
- version/xen xapi/4.15.0
- version/xen xapi/4.15.1
- vendor/fedoraproject
- canonical/fedora
- version/fedora/34
- version/fedora/35
- vendor/debian
- canonical/debian
- version/debian/11.0