Cyber Resilience

CVE-2021-26932

Medium

Published: 17 February 2021

Published
17 February 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0019 40.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-26932 is a medium-severity an unspecified weakness vulnerability in Fedoraproject Fedora. Its CVSS base score is 5.5 (Medium).

Operationally, ranked at the 40.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each…

more

one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
3.2 — 5.10.16
fedoraproject
fedora
32, 33
debian
debian linux
9.0
netapp
cloud backup
all versions
netapp
solidfire\, enterprise sds \& hci storage node
all versions
netapp
solidfire \& hci management node
all versions
netapp
hci compute node
all versions
netapp
hci h410c firmware
all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References