Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-26931
HistoryFeb 17, 2021 - 12:00 a.m.

CVE-2021-26931

2021-02-1700:00:00
ubuntu.com
ubuntu.com
32
linux kernel
xen
backends
deliberate crashes
memory allocations

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%

An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used
in Xen. Block, net, and SCSI backends consider certain errors a plain bug,
deliberately causing a kernel crash. For errors potentially being at least
under the influence of guests (such as out of memory conditions), it isn’t
correct to assume a plain bug. Memory allocations potentially causing such
crashes occur only when Linux is running in PV mode, though. This affects
drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.

Rows per page:
1-10 of 521

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

14.2%