CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 13.3%

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used
by Xen. To service requests to the PV backend, the driver maps grant
references provided by the frontend. In this process, errors may be
encountered. In one case, an error encountered earlier might be discarded
by later processing, resulting in the caller assuming successful mapping,
and hence subsequent operations trying to access space that wasn’t mapped.
In another case, internal state would be insufficiently updated, preventing
safe recovery from the error. This affects
drivers/block/xen-blkback/blkback.c.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-143.147 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-71.79 | UNKNOWN |
ubuntu | 20.10 | noarch | linux | < 5.8.0-53.60 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-207.239 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1102.109 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1043.45 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-aws | < 5.8.0-1033.35 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1090.94 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1126.140 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1043.45~18.04.1 | UNKNOWN |
xenbits.xen.org/xsa/advisory-365.html
launchpad.net/bugs/cve/CVE-2021-26930
nvd.nist.gov/vuln/detail/CVE-2021-26930
security-tracker.debian.org/tracker/CVE-2021-26930
ubuntu.com/security/notices/USN-4904-1
ubuntu.com/security/notices/USN-4909-1
ubuntu.com/security/notices/USN-4946-1
ubuntu.com/security/notices/USN-4949-1
www.cve.org/CVERecord?id=CVE-2021-26930
www.openwall.com/lists/oss-security/2021/02/16/6