CVSS3: 6.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS2: 2.1 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.0004 Low
Percentile: 11.7%

The fix for XSA-365 includes initialization of pointers such that
subsequent cleanup code wouldn’t use uninitialized or stale values. This
initialization went too far and may under certain conditions also overwrite
pointers which are in need of cleaning up. The lack of cleanup would result
in leaking persistent grants. The leak in turn would prevent fully cleaning
up after a respective guest has died, leaving around zombie domains. All
Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365
was classified to affect versions back to at least 3.11.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | linux | < 4.4.0-222.255 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 18.04 | noarch | linux | < 4.15.0-143.147 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-74.83 | UNKNOWN |
ubuntu | 20.10 | noarch | linux | < 5.8.0-55.62 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1102.109 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-aws | < 5.8.0-1035.37 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1102.107 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws | < 4.4.0-1138.152 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1049.51 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1049.51~18.04.1 | UNKNOWN |

git.kernel.org/linus/a846738f8c3788d846ed1f587270d2f2e3d32432
launchpad.net/bugs/cve/CVE-2021-28688
nvd.nist.gov/vuln/detail/CVE-2021-28688
security-tracker.debian.org/tracker/CVE-2021-28688
ubuntu.com/security/notices/USN-4946-1
ubuntu.com/security/notices/USN-4948-1
ubuntu.com/security/notices/USN-4982-1
ubuntu.com/security/notices/USN-4984-1
ubuntu.com/security/notices/USN-5343-1
www.cve.org/CVERecord?id=CVE-2021-28688
xenbits.xen.org/xsa/advisory-371.html