| Titel | CVE-2021-28688 / Denial of Service in Hypervizor |
|---|
| Beschreibung | IMPACT
======
A malicious or buggy frontend driver may be able to cause resource leaks
from the corresponding backend driver. This can result in a host-wide
Denial of Sevice (DoS).
VULNERABLE SYSTEMS
==================
All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11.
MITIGATION
==========
Reconfiguring guests to use alternative (e.g. qemu-based) backends may
avoid the vulnerability.
Avoiding the use of persistent grants will also avoid the vulnerability.
This can be achieved by passing the "feature_persistent=0" module option
to the xen-blkback driver.
CREDITS
Affected Versions:
Citrix Systems Hypervisor <= 8.2 LTSR, Citrix Systems XenServer <= 7.0, Citrix Systems XenServer <= 7.1 LTSR CU2, Open Source Xen
Source:
https://xenbits.xen.org/xsa/advisory-371.html
https://support.citrix.com/article/CTX306565 |
|---|
| Quelle | ⚠️ https://xenbits.xen.org/xsa/advisory-371.html |
|---|
| Benutzer | CSieberg (UID 13359) |
|---|
| Einreichung | 01.04.2021 09:26 (vor 5 Jahren) |
|---|
| Moderieren | 01.04.2021 09:50 (24 minutes later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 172065 [Xen Denial of Service] |
|---|
| Punkte | 20 |
|---|