PT-2021-4229 · Linux · Linux Kernel

Marek Marczykowski-Górecki · Published 2021-03-03 · Updated 2024-03-25 · CVE-2021-28039

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 5.9.x through 5.11.3

Description

The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG, allowing an x86 PV guest OS user to crash a Dom0 or driver domain via a large amount of I/O activity in some less-common configurations. This can lead to a denial of service.

Recommendations

For Linux kernel versions 5.9.x through 5.11.3, consider disabling the CONFIG_XEN_UNPOPULATED_ALLOC configuration option or enabling the CONFIG_XEN_BALLOON_MEMORY_HOTPLUG option as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
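
The following check is an added example, not part of the original advisory: it reports whether a kernel version and config file match the conditions described above (version 5.9.x through 5.11.3, CONFIG_XEN_UNPOPULATED_ALLOC set, CONFIG_XEN_BALLOON_MEMORY_HOTPLUG not set). The function names, verdict strings and sample config files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a kernel matches this advisory's conditions.

# Return 0 if version $1 (e.g. "5.10.17-generic") lies in 5.9.x .. 5.11.3.
version_in_range() {
    v=${1%%[-+]*}                       # drop a local suffix such as "-generic"
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac   # reject non-numeric parts
    done
    [ "$major" -eq 5 ] || return 1
    case $minor in
        9|10) return 0 ;;
        11)   [ "$patch" -le 3 ] ;;
        *)    return 1 ;;
    esac
}

# Return 0 if kernel config file $1 sets bool option $2 to y.
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# Print a verdict for kernel version $1 and config file $2.
check_exposure() {
    if ! version_in_range "$1"; then
        echo "not-affected-version"; return 1
    fi
    if config_enabled "$2" CONFIG_XEN_UNPOPULATED_ALLOC &&
       ! config_enabled "$2" CONFIG_XEN_BALLOON_MEMORY_HOTPLUG; then
        echo "exposed"; return 0
    fi
    echo "config-not-exposed"; return 1
}

# Constructed sample configs (not taken from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'CONFIG_XEN_UNPOPULATED_ALLOC=y' \
    '# CONFIG_XEN_BALLOON_MEMORY_HOTPLUG is not set' > "$tmp/exposed.config"
printf '%s\n' 'CONFIG_XEN_UNPOPULATED_ALLOC=y' \
    'CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y' > "$tmp/hotplug.config"
check_exposure 5.10.17 "$tmp/exposed.config" || true   # exposed
check_exposure 5.10.17 "$tmp/hotplug.config" || true   # config-not-exposed
check_exposure 5.11.4  "$tmp/exposed.config" || true   # not-affected-version
```

On a host, the inputs would typically be the output of `uname -r` and the running kernel's config file, whose location varies by distribution.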

Weakness Enumeration

Resource Exhaustion

Related Identifiers

BDU:2021-04834
CVE-2021-28039
MGASA-2021-0117
MGASA-2021-0152

Affected Products

Linux Kernel