CVE-2021-28687

Name of the Vulnerable Software and Affected Versions Xen (affected versions not specified)

Description The issue is related to the libxl domain suspend state structure in the Xen hypervisor, which does not follow the standard initialization and disposal discipline. This can lead to a crash when a guest initiates a "soft reboot", causing an assert() due to the uninitialized data structure. The impact of this issue depends on the toolstack structure. For xl, the effect is limited to the domain in question hanging in a crashed state, but it can be destroyed by xl destroy. For daemon-based toolstacks like libvirt, this can cause a system-wide denial of service (DoS) by crashing the toolstack, losing the state of in-progress operations, and preventing further administrator operations unless the daemon is configured to restart automatically.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.