PT-2021-3002 · Linux+2 · Linux Kernel+2

Jan Beulich · Published 2021-02-15 · Updated 2026-05-26 · CVE-2021-26934

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 4.18 through 5.10.16

Description

An issue was discovered in the Linux kernel, as used by Xen, related to the backend allocation mode of the drm xen front drivers. This mode was not meant to be a supported configuration, but its support status was not stated accordingly. The issue is associated with unlimited resource allocation, which could allow an attacker to execute arbitrary code.

Recommendations

For Linux kernel versions 4.18 through 5.10.16, consider disabling the backend allocation mode of the drm xen front drivers as a temporary workaround until a patch is available. Restrict access to the drm xen front drivers to minimize the risk of exploitation.

Fix

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

ALT-PU-2021-1364
ALT-PU-2021-1388
ALT-PU-2021-1417
ALT-PU-2021-1424
ALT-PU-2021-1447
ALT-PU-2021-1621
ALT-PU-2021-1656
ALT-PU-2021-1739
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1869
ALT-PU-2021-1870
BDU:2021-02597
CVE-2021-26934
ECHO-AB4C-2B4A-F4E1

Affected Products

Alt Linux
Debian
Linux Kernel