Cyber Resilience

CVE-2021-28039

Medium

Published: 05 March 2021

Published
05 March 2021
Modified
21 November 2024
KEV Added
Patch
05 March 2021
CVSS Score v3.1 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0014 33.9th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-28039 is a medium-severity Incorrect Calculation of Buffer Size (CWE-131) vulnerability in Linux Linux Kernel. Its CVSS base score is 6.5 (Medium).

Operationally, ranked at the 33.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The…

more

issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linux
linux kernel
5.9.0 — 5.11.3
xen
xen
all versions
netapp
cloud backup
all versions
netapp
solidfire baseboard management controller firmware
all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References