PT-2021-6611 · Xen+1
Jan Beulich · Published 2021-08-27 · Updated 2022-09-28 · CVE-2021-28699
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Xen (affected versions not specified)
Description
The issue is an inadequate bounds check on the grant-v2 status frames array in the Xen hypervisor. A guest can potentially cause a denial of service by exploiting the flaw in the translation of requests for 32-bit guests on x86. The v2 grant table interface separates grant attributes from grant status, so guests need to retrieve the addresses of the new status tracking table. The translation layer has limited space, but the core function only enforces array bounds to be below 8 times the specified value, which can lead to writing past the available space if enough frame numbers are needed.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Resource Exhaustion
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Xen