CVE-2021-28038 — MEDIUM (6.5)

Q: How severe is CVE-2021-28038?

CVE-2021-28038 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-28038?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Netapp Cloud Backup, Netapp Solidfire Baseboard Management Controller Firmware.

Vulnerability Description

An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.39, < 4.4.260
Debian	Debian Linux	9.0
Netapp	Cloud Backup	-
Netapp	Solidfire Baseboard Management Controller Firmware	-

Related Weaknesses (CWE)

CWE-770

References

http://www.openwall.com/lists/oss-security/2021/03/05/1Mailing ListPatchThird Party Advisory
http://xenbits.xen.org/xsa/advisory-367.htmlPatchVendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29913
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20210409-0001/Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/05/1Mailing ListPatchThird Party Advisory
http://xenbits.xen.org/xsa/advisory-367.htmlPatchVendor Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29913
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.htmlThird Party Advisory
https://security.netapp.com/advisory/ntap-20210409-0001/Third Party Advisory

FAQ

What is CVE-2021-28038?

CVE-2021-28038 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result...

How severe is CVE-2021-28038?

CVE-2021-28038 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-28038?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux, Netapp Cloud Backup, Netapp Solidfire Baseboard Management Controller Firmware.