Denial of Service Vulnerability in Linux Kernel with Xen Configuration

Denial of Service Vulnerability in Linux Kernel with Xen Configuration

CVE-2021-28039 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.