Vulnerability CVE-2021-28687

Vulnerability Name:

CVE-2021-28687 (CCN-198385)

Assigned:

2021-03-18

Published:

2021-03-18

Updated:

2021-09-20

Summary:

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest nwo initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. The effect of this is to crash the process monitoring the guest. How this affects the system depends on the structure of the toolstack. For xl, this will have no security-relevant effect: every VM has its own independent monitoring process, which contains no state. The domain in question will hang in a crashed state, but can be destroyed by `xl destroy` just like any other non-cooperating domain. For daemon-based toolstacks linked against libxl, such as libvirt, this will crash the toolstack, losing the state of any in-progress operations (localized DoS), and preventing further administrator operations unless the daemon is configured to restart automatically (system-wide DoS). If crashes "leak" resources, then repeated crashes could use up resources, also causing a system-wide DoS.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-909

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-28687

Source: CCN
Type: Xen Security Advisory XSA-368
HVM soft-reset crashes toolstack

Source: XF
Type: UNKNOWN
xen-cve202128687-dos(198385)

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-30

Source: MISC
Type: Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-368.txt

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version >= 4.12 and <= 4.15.0)

OR cpe:/o:xen:xen:4.15.0:rc1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:4.12:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.13:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.14:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7947	P	libmodplug-devel-0.3.28-2.13.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:635	P	Security update for rubygem-activesupport-5_1 (Moderate) (in QA)	2022-09-29
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3369	P	squid-4.8-2.17 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95181	P	bogofilter-common-1.2.4-1.40 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:336	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:94481	P	(Important)	2022-03-07
oval:org.opensuse.security:def:101894	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:113591	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99445	P	(Important)	2021-12-22
oval:org.opensuse.security:def:106977	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:96788	P	tpm2.0-tools-3.1.2-5.30 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:1265	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2021-09-16
oval:org.opensuse.security:def:101411	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63385	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2296	P	xen-4.14.1_16-1.6 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:72095	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101112	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62354	P	xen-libs-4.14.1_16-1.6 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101194	P	libical-devel-3.0.6-4.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99644	P	(Moderate)	2021-06-09
oval:org.opensuse.security:def:99951	P	(Important)	2021-06-02
oval:org.opensuse.security:def:93199	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:91906	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:9695	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:98856	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:92694	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:69636	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:8745	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:96917	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:92101	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:10246	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:99051	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:92893	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:69835	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:8940	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:92296	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:99246	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:93046	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:70386	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:9496	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:92495	P	Security update for xen (Important)	2021-04-30
oval:org.opensuse.security:def:111303	P	Security update for xen (Important)	2021-04-07
oval:org.opensuse.security:def:73580	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:109384	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:5011	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:75790	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:64458	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:42058	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:102718	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:107860	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:117375	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:60220	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:34397	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:66722	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:5633	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:108560	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:118480	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:96028	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:69036	P	Security update for xen (Important)	2021-04-06

BACK