PT-2021-4228 · Linux+5 · Linux+5
Nicolai Stange
·
Published
2021-03-01
·
Updated
2022-06-14
·
CVE-2021-28688
CVSS v3.1
6.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux versions 3.11 and later
Description
The issue is related to incorrect initialization of data in the Linux operating system, which can lead to a denial of service. The problem arises from the fix for a previous issue, where the initialization of pointers was implemented to prevent the use of uninitialized or stale values. However, this initialization may overwrite pointers that need to be cleaned up under certain conditions, resulting in a leak of persistent grants. This leak can prevent the full cleanup of resources after a guest has died, leaving behind zombie domains.
Recommendations
For Linux versions 3.11 and later, consider disabling the affected cleanup code as a temporary workaround until a proper fix is available. Restrict access to the vulnerable components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Initialization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linux
Linuxmint
Suse
Ubuntu