PT-2021-4249 · Linux+4 · Linux Kernel+4

Jan Beulich

·

Published

2021-03-05

·

Updated

2024-03-25

·

CVE-2021-28038

CVSS v3.1

6.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.11.3
Description The issue is related to the netback driver in the Linux kernel, which lacks proper error handling for certain conditions such as failed memory allocations. This can lead to a denial of service in the host OS if a networking frontend driver misbehaves. The vulnerability is also related to an incomplete fix for a previous issue and is associated with unlimited memory allocation.
Recommendations For Linux kernel versions through 5.11.3, update to a version that includes the complete fix for this issue to prevent potential denial of service attacks.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

BDU:2021-04857
CVE-2021-28038
DLA-2586-1
DLA-2610-1
MGASA-2021-0117
MGASA-2021-0152
OESA-2021-1111
OPENSUSE-SU-2021:0532-1
OPENSUSE-SU-2021:0758-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_0532-1
OPENSUSE-SU-2021_0758-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
SUSE-SU-2021:1175-1
SUSE-SU-2021:1176-1
SUSE-SU-2021:1177-1
SUSE-SU-2021:1210-1
SUSE-SU-2021:1211-1
SUSE-SU-2021:1238-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1617-1
SUSE-SU-2021:1623-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1625-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
USN-4904-1
USN-4911-1
USN-4945-1
USN-4945-2
USN-4946-1
USN-4984-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu