Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-26930
HistoryFeb 17, 2021 - 12:00 a.m.

CVE-2021-26930

2021-02-1700:00:00
ubuntu.com
ubuntu.com
53
linux kernel
xen
access control
error handling
security issue

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

14.2%

An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used
by Xen. To service requests to the PV backend, the driver maps grant
references provided by the frontend. In this process, errors may be
encountered. In one case, an error encountered earlier might be discarded
by later processing, resulting in the caller assuming successful mapping,
and hence subsequent operations trying to access space that wasn’t mapped.
In another case, internal state would be insufficiently updated, preventing
safe recovery from the error. This affects
drivers/block/xen-blkback/blkback.c.

Rows per page:
1-10 of 521

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

14.2%