CVE-2021-28713
Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. Three affected backends: blkfront patch 1, CVE-2021-28711, netfront patch 2, CVE-2021-28712, hvc_xen (console) patch 3, CVE-2021-2871
| Reporter | Title | Published | Views | Family All 176 |
|---|---|---|---|---|
 | CVE-2021-28712 | 5 Jan 202216:10 | – | cvelist |
| CVE-2021-28711 | 5 Jan 202216:10 | – | cvelist |
| CVE-2021-28713 | 5 Jan 202216:10 | – | cvelist |
 | UBUNTU-CVE-2021-28711 | 5 Jan 202217:15 | – | osv |
| UBUNTU-CVE-2021-28712 | 5 Jan 202217:15 | – | osv |
| CVE-2021-28713 | 5 Jan 202217:15 | – | osv |
| UBUNTU-CVE-2021-28713 | 5 Jan 202217:15 | – | osv |
| CVE-2021-28711 | 5 Jan 202217:15 | – | osv |
| CVE-2021-28712 | 5 Jan 202217:15 | – | osv |
| MGASA-2021-0589 Updated kernel-linus packages fix security vulnerabilities | 29 Dec 202119:12 | – | osv |
[
{
"product": "Linux",
"vendor": "Linux",
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-391"
}
]
}
]Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo