Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot which may be the case when using GSO XDP or software hashing. (CVE-2021-28714)

🗓️ 19 Jan 2022 08:00:00Reported by MicrosoftType 
mscve
 mscve🔗 msrc.microsoft.com👁 2 Views

The guest can trigger memory hog in the Linux netback driver by buffering data due to a long timeout and RX queue limits.

Related
Detection
ReporterTitlePublishedViews
Family
Tenable Nessus		Amazon Linux 2 : kernel (ALAS-2022-1749)
7 Feb 202200:00
nessus
Tenable Nessus		Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-009)
2 May 202200:00
nessus
Tenable Nessus		Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-021)
2 May 202200:00
nessus
Tenable Nessus		Amazon Linux AMI : kernel (ALAS-2022-1563)
7 Feb 202200:00
nessus
Tenable Nessus		Amazon Linux AMI : kernel (ALAS-2023-1688)
23 Feb 202300:00
nessus
Tenable Nessus		Alibaba Cloud Linux 3 : 0125: cloud-kernel bugfix, enhancement and (ALINUX3-SA-2022:0125)
14 May 202500:00
nessus
Tenable Nessus		Debian DSA-5050-1 : linux - security update
21 Jan 202200:00
nessus
Tenable Nessus		Debian DSA-5096-1 : linux - security update
9 Mar 202200:00
nessus
Tenable Nessus		EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1489)
20 Apr 202200:00
nessus
Tenable Nessus		openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0056-1)
12 Jan 202200:00
nessus
Rows per page
Vulners
Node
microsoftcm1_kernel_5.10.89.1-2Range<-

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
19 Jan 2022 08:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 22.1
CVSS 3.16.5
EPSS0.00242
SSVC
linux netback driverguest data bufferingmemory exhaustionlong timeoutreceive queue limitscve 2021 28715cve 2021 28714
2