CVE-2021-28709

NameCVE-2021-28709
Descriptionissues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages). In some cases the hypervisor carries out the requests by splitting them into smaller chunks. Error handling in certain PoD cases has been insufficient in that in particular partial success of some operations was not properly accounted for. There are two code paths affected - page removal (CVE-2021-28705) and insertion of new pages (CVE-2021-28709). (We provide one patch which combines the fix to both issues.)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5017-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)jessie, jessie (lts)4.4.4lts5-0+deb8u1vulnerable
stretch (security), stretch (lts), stretch4.8.5.final+shim4.10.4-1+deb9u12vulnerable
buster, buster (security)4.11.4+107-gef32c7afa2-1vulnerable
bullseye4.14.6-1fixed
bullseye (security)4.14.5+94-ge49571868d-1fixed
bookworm4.17.3+10-g091466ba55-1~deb12u1fixed
trixie4.17.3+10-g091466ba55-1fixed
sid4.17.3+36-g54dacb5c02-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcejessie(unfixed)end-of-life
xensourcestretch(unfixed)end-of-life
xensourcebuster(unfixed)end-of-life
xensourcebullseye4.14.3+32-g9de3671772-1~deb11u1DSA-5017-1
xensource(unstable)4.14.3+32-g9de3671772-1

Notes

[buster] - xen <end-of-life> (DSA 4677-1)
[stretch] - xen <end-of-life> (DSA 4602-1)
https://xenbits.xen.org/xsa/advisory-389.html

Search for package or bug name: Reporting problems