An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
| Link | Tags |
|---|---|
| http://xenbits.xen.org/xsa/advisory-367.html | patch vendor advisory |
| http://www.openwall.com/lists/oss-security/2021/03/05/1 | mailing list third party advisory patch |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html | third party advisory mailing list |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html | third party advisory mailing list |
| https://security.netapp.com/advisory/ntap-20210409-0001/ | third party advisory |
| https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2991397d23ec597405b116d96de3813420bdcbc3 |