| Title | CVE-2021-28688 / Denial of Service in Hypervisor |
|---|
| Description | IMPACT
======
A malicious or buggy frontend driver may be able to cause resource leaks
from the corresponding backend driver. This can result in a host-wide
Denial of Service (DoS).
VULNERABLE SYSTEMS
==================
All Linux versions having the fix for XSA-365 applied are vulnerable.
XSA-365 was classified to affect versions back to at least 3.11.
MITIGATION
==========
Reconfiguring guests to use alternative (e.g. qemu-based) backends may
avoid the vulnerability.
Avoiding the use of persistent grants will also avoid the vulnerability.
This can be achieved by passing the "feature_persistent=0" module option
to the xen-blkback driver.
CREDITS
Affected Versions:
Citrix Systems Hypervisor <= 8.2 LTSR, Citrix Systems XenServer <= 7.0, Citrix Systems XenServer <= 7.1 LTSR CU2, Open Source Xen
Source:
https://xenbits.xen.org/xsa/advisory-371.html
https://support.citrix.com/article/CTX306565 |
|---|
| Source | https://xenbits.xen.org/xsa/advisory-371.html |
|---|
| User | CSieberg (UID 13359) |
|---|
| Submission | 01/04/2021 09:26 (5 years ago) |
|---|
| Moderation | 01/04/2021 09:50 (24 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 172065 [Xen denial of service] |
|---|
| Points | 20 |
|---|