PT-2021-3110 · Linux+5 · Linux Kernel+5
Jan Beulich · Published 2021-02-15 · Updated 2024-03-25 · CVE-2021-26931
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.6.39 through 5.10.16
Description
An issue was discovered in the Linux kernel, as used in Xen, where block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. This issue affects memory allocations that occur when Linux is running in PV mode, specifically in drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. The problem arises when errors that guests can potentially influence, such as out-of-memory conditions, are incorrectly assumed to be plain bugs.
Recommendations
For Linux kernel versions 2.6.39 through 5.10.16, consider updating to a version outside of this range to mitigate the risk of kernel crashes due to incorrect handling of errors in PV mode. As a temporary workaround, consider restricting access to the affected drivers, drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c, to minimize the risk of exploitation.
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu