CVE-2021-28700 - OpenCVE

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:S/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Xen	Xen
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:o:xen:xen:*:*:*:*:*:*:arm:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Link	Resource
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ/
https://security.gentoo.org/glsa/202208-23	Third Party Advisory
https://www.debian.org/security/2021/dsa-4977	Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-383.txt	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: XEN

Published: 2021-08-27T18:15:52

Updated: 2022-08-14T20:06:06

Reserved: 2021-03-18T00:00:00

Link: CVE-2021-28700

JSON object: View

NVD Information

Status : Modified

Published: 2021-08-27T19:15:07.880

Modified: 2023-11-07T03:32:19.790

Link: CVE-2021-28700

JSON object: View

Redhat Information

No data.

CWE

CWE-770

{"containers": {"cna": {"affected": [{"product": "xen", "vendor": "Xen", "versions": [{"status": "affected", "version": "4.12.x"}]}, {"product": "xen", "vendor": "Xen", "versions": [{"lessThan": "4.12", "status": "unknown", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.13.x", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "next of xen-unstable", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Julien Grall of Amazon.'}]}}}"}], "descriptions": [{"lang": "en", "value": "xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured."}], "metrics": [{"other": {"content": {"description": {"description_data": [{"lang": "eng", "value": "Malicious dom0less guest could drive Xen out of memory and may\nresult to a Denial of Service (DoS) attack affecting the entire\nsystem."}]}}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "unknown", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-14T20:06:06", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://xenbits.xenproject.org/xsa/advisory-383.txt"}, {"name": "FEDORA-2021-4f129cc0c1", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ/"}, {"name": "FEDORA-2021-d68ed12e46", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/"}, {"name": "DSA-4977", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4977"}, {"name": "FEDORA-2021-081f9bf5d2", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID/"}, {"name": "GLSA-202208-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-23"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xen.org", "ID": "CVE-2021-28700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xen", "version": {"version_data": [{"version_value": "4.12.x"}]}}, {"product_name": "xen", "version": {"version_data": [{"version_affected": "?<", "version_value": "4.12"}, {"version_affected": ">=", "version_value": "4.13.x"}, {"version_affected": "!>", "version_value": "xen-unstable"}]}}]}, "vendor_name": "Xen"}]}}, "configuration": {"configuration_data": {"description": {"description_data": [{"lang": "eng", "value": "Only Arm systems are vulnerable. Only domains created using the\ndom0less feature are affected.\n\nOnly domains created using the dom0less feature can leverage the\nvulnerability.\n\nAll versions of Xen since 4.12 are vulnerable."}]}}}, "credit": {"credit_data": {"description": {"description_data": [{"lang": "eng", "value": "This issue was discovered by Julien Grall of Amazon."}]}}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured."}]}, "impact": {"impact_data": {"description": {"description_data": [{"lang": "eng", "value": "Malicious dom0less guest could drive Xen out of memory and may\nresult to a Denial of Service (DoS) attack affecting the entire\nsystem."}]}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unknown"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xenproject.org/xsa/advisory-383.txt", "refsource": "MISC", "url": "https://xenbits.xenproject.org/xsa/advisory-383.txt"}, {"name": "FEDORA-2021-4f129cc0c1", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ/"}, {"name": "FEDORA-2021-d68ed12e46", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/"}, {"name": "DSA-4977", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4977"}, {"name": "FEDORA-2021-081f9bf5d2", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID/"}, {"name": "GLSA-202208-23", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-23"}]}, "workaround": {"workaround_data": {"description": {"description_data": [{"lang": "eng", "value": "There is no known mitigation."}]}}}}}}, "cveMetadata": {"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2021-28700", "datePublished": "2021-08-27T18:15:52", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2022-08-14T20:06:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:arm:*", "matchCriteriaId": "396875EE-05D8-4BD5-B345-9E6FB343C02B", "versionStartIncluding": "4.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured."}, {"lang": "es", "value": "xen/arm: No se presenta un l\u00edmite de memoria para dom0less domUs. La funcionalidad dom0less permite a un administrador crear m\u00faltiples dominios no privilegiado directamente desde Xen. Desafortunadamente, el l\u00edmite de memoria de los mismos no est\u00e1 ajustado. Esto permite a un dominio asignar memoria m\u00e1s all\u00e1 de lo que un administrador configur\u00f3 originalmente."}], "id": "CVE-2021-28700", "lastModified": "2023-11-07T03:32:19.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-27T19:15:07.880", "references": [{"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VQCFAPBNGBBAOMJZG6QBREOG5IIDZID/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZCNPSRPGFCQRYE2BI4D4Q4SCE56ANV2/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LPRVHW4J4ZCPPOHZEWP5MOJT7XDGFFPJ/"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-23"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4977"}, {"source": "security@xen.org", "tags": ["Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-383.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}