CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
14.2%
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used
by Xen. To service requests to the PV backend, the driver maps grant
references provided by the frontend. In this process, errors may be
encountered. In one case, an error encountered earlier might be discarded
by later processing, resulting in the caller assuming successful mapping,
and hence subsequent operations trying to access space that wasn’t mapped.
In another case, internal state would be insufficiently updated, preventing
safe recovery from the error. This affects
drivers/block/xen-blkback/blkback.c.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-143.147 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-71.79 | UNKNOWN |
ubuntu | 20.10 | noarch | linux | < 5.8.0-53.60 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-207.239 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1102.109 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1043.45 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-aws | < 5.8.0-1033.35 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1090.94 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1126.140 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1043.45~18.04.1 | UNKNOWN |
xenbits.xen.org/xsa/advisory-365.html
launchpad.net/bugs/cve/CVE-2021-26930
nvd.nist.gov/vuln/detail/CVE-2021-26930
security-tracker.debian.org/tracker/CVE-2021-26930
ubuntu.com/security/notices/USN-4904-1
ubuntu.com/security/notices/USN-4909-1
ubuntu.com/security/notices/USN-4946-1
ubuntu.com/security/notices/USN-4949-1
www.cve.org/CVERecord?id=CVE-2021-26930
www.openwall.com/lists/oss-security/2021/02/16/6
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
14.2%