Vulnerability CVE-2021-28699

Vulnerability Name:

CVE-2021-28699 (CCN-208176)

Assigned:

2021-08-25

Published:

2021-08-25

Updated:

2022-09-28

Summary:

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-28699

Source: CCN
Type: Xen Security Advisory XSA-382
inadequate grant-v2 status frames array bounds check

Source: XF
Type: UNKNOWN
xen-cve202128699-dos(208176)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-081f9bf5d2

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-d68ed12e46

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-4f129cc0c1

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-23

Source: DEBIAN
Type: Third Party Advisory
DSA-4977

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-28699

Source: MISC
Type: Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-382.txt

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version >= 4.10.0

Configuration 2:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:4.11:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.12:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.13:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.14:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.12.3:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.12.4:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.13.1:*:*:*:*:*:*:*

OR cpe:/a:xensource:xen:4.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7987	P	apache-commons-compress-1.21-150200.3.13.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8050	P	perl-Archive-Extract-0.80-1.24 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51952	P	Security update for libX11 (Moderate)	2022-11-15
oval:org.opensuse.security:def:767	P	Security update for sqlite3 (Moderate)	2022-09-19
oval:org.opensuse.security:def:95375	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3479	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3668	P	librelp0-1.2.12-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94591	P	kernel-firmware-all-20220119-150400.2.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:93134	P	(Important)	2022-05-10
oval:org.opensuse.security:def:102088	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:99733	P	(Important)	2022-04-13
oval:org.opensuse.security:def:6160	P	Security update for apache2 (Important)	2022-02-16
oval:org.opensuse.security:def:111049	P	Security update for xen (Important)	2021-09-07
oval:org.opensuse.security:def:84207	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57502	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86645	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:51654	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84665	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:23666	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58004	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:87461	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31679	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:85729	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58820	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57088	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86143	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:8650	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:59534	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88501	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:127162	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:99141	P	(Important)	2021-09-03
oval:org.opensuse.security:def:59792	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89189	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:70290	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33711	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:125597	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:69536	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89447	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:10150	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33969	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:23964	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88185	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:126765	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:9396	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:91996	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99674	P	(Important)	2021-09-02
oval:org.opensuse.security:def:34528	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69076	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:26117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:76317	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9585	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92783	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101498	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69924	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102758	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64757	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:109424	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:118520	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73690	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:8835	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92191	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99988	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69139	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100043	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:111699	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9784	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92981	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102203	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99139	P	(Important)	2021-09-02
oval:org.opensuse.security:def:66916	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73879	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9030	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92385	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100324	P	(Important)	2021-09-02
oval:org.opensuse.security:def:101304	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:60351	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:107970	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:5104	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:70475	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99411	P	(Important)	2021-09-02
oval:org.opensuse.security:def:67249	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99534	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:75984	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:96068	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:42117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92584	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100653	P	(Important)	2021-09-02
oval:org.opensuse.security:def:5827	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69725	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64568	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:98946	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:108754	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:117484	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:10335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:93287	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:1627	P	Security update for xen (Important)	2021-09-02

BACK