Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-28715
HistoryJan 06, 2022 - 12:00 a.m.

CVE-2021-28715

2022-01-0600:00:00
ubuntu.com
ubuntu.com
20

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

13.4%

JSON

Guest can force Linux netback driver to hog large amounts of kernel memory
T[his CNA information record relates to multiple CVEs; the text explains
which aspects/vulnerabilities correspond to which CVE.] Incoming data
packets for a guest in the Linux kernel’s netback driver are buffered until
the guest is ready to process them. There are some measures taken for
avoiding to pile up too much data, but those can be bypassed by the guest:
There is a timeout how long the client side of an interface can stop
consuming new packets before it is assumed to have stalled, but this
timeout is rather long (60 seconds by default). Using a UDP connection on a
fast interface can easily accumulate gigabytes of data in that time.
(CVE-2021-28715) The timeout could even never trigger if the guest manages
to have only one free slot in its RX queue ring page and the next package
would require more than one free slot, which may be the case when using
GSO, XDP, or software hashing. (CVE-2021-28714)

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-169.177UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-105.119UNKNOWN
ubuntu21.10noarchlinux< 5.13.0-37.42UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1121.129UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1069.73UNKNOWN
ubuntu21.10noarchlinux-aws< 5.13.0-1019.21UNKNOWN
ubuntu20.04noarchlinux-aws-5.13< 5.13.0-1019.21~20.04.1UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1069.73~18.04.1UNKNOWN
ubuntu16.04noarchlinux-aws-hwe< 4.15.0-1120.128~16.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu20.04noarchlinux-azure< 5.4.0-1073.76UNKNOWN
Rows per page:
1-10 of 511

Related

cve 2
prion 2
debiancve 2
redhatcve 1
ubuntucve 1
xen 1
citrix 1
openvas 28
fedora 2
cbl_mariner 2
cnvd 2
mageia 2
amazon 4
nessus 31
osv 10
cloudfoundry 2
debian 4
ubuntu 6
suse 3
photon 1
slackware 1
cve
cve
CVE-2021-28715
2022-01-06 18:15:00
CVE-2021-28714
2022-01-06 18:15:00
prion
prion
Design/Logic Flaw
2022-01-06 18:15:00
Design/Logic Flaw
2022-01-06 18:15:00
debiancve
debiancve
CVE-2021-28715
2022-01-06 18:15:00
CVE-2021-28714
2022-01-06 18:15:00
redhatcve
redhatcve
CVE-2021-28714
2022-05-20 22:29:10
ubuntucve
ubuntucve
CVE-2021-28714
2022-01-06 00:00:00
xen
xen
Guest can force Linux netback driver to hog large amounts of kernel memory
2021-12-20 09:54:00
citrix
citrix
Citrix Hypervisor Security Update
2022-01-12 11:09:52
openvas
openvas
Fedora: Security Advisory for kernel (FEDORA-2021-e6cbca1e9e)
2021-12-27 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-4f1a2cdf2e)
2021-12-27 00:00:00
Mageia: Security Advisory (MGASA-2021-0589)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-5.15.11-100.fc34
2021-12-26 01:12:01
[SECURITY] Fedora 35 Update: kernel-5.15.11-200.fc35
2021-12-26 01:27:24
cbl_mariner
cbl_mariner
CVE-2021-28714 affecting package kernel 5.10.189.1-1
2022-01-26 22:54:05
CVE-2021-28715 affecting package kernel 5.10.189.1-1
2022-01-26 22:54:05
cnvd
cnvd
Linux kernel has unspecified vulnerabilities (CNVD-2022-05041)
2022-01-14 00:00:00
Linux kernel has unspecified vulnerabilities (CNVD-2022-05042)
2022-01-14 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2021-12-29 22:12:56
Updated kernel packages fix security vulnerabilities
2021-12-29 22:12:56
amazon
amazon
Important: kernel
2022-02-04 23:25:00
Important: kernel
2022-02-04 23:24:00
Important: kernel
2023-02-17 00:02:00
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2022-1563)
2022-02-07 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-021)
2022-05-02 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0181-1)
2022-01-26 00:00:00
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2022-02-22 09:27:43
linux - security update
2022-01-20 00:00:00
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, lnux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
2022-03-22 07:26:42
cloudfoundry
cloudfoundry
USN-5298-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
USN-5338-1: Linux kernel vulnerabilities | Cloud Foundry
2022-04-14 00:00:00
debian
debian
[SECURITY] [DSA 5050-1] linux security update
2022-01-20 16:46:05
[SECURITY] [DLA 2940-1] linux security update
2022-03-09 12:40:13
[SECURITY] [DSA 5096-1] linux security update
2022-03-09 15:30:58
ubuntu
ubuntu
Linux kernel vulnerabilities
2022-02-22 00:00:00
Linux kernel vulnerabilities
2022-03-22 00:00:00
Linux kernel (BlueField) vulnerabilities
2022-04-13 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-05-07 00:00:00
Security update for the Linux Kernel (important)
2022-03-01 00:00:00
Security update for the Linux Kernel (critical)
2022-02-10 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-3.0-0350
2022-01-11 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2022-02-01 05:01:08

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

13.4%

JSON
Related for UB:CVE-2021-28715
cve2prion2debiancve2redhatcve1ubuntucve1xen1citrix1openvas28fedora2cbl_mariner2cnvd2mageia2amazon4nessus31osv10cloudfoundry2debian4ubuntu6suse3photon1slackware1