CVE-2021-28706
Published: 24 November 2021
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.
Priority
CVSS 3 base score: 8.6
Notes
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28706
- https://xenbits.xen.org/xsa/advisory-385.html
- NVD
- Launchpad
- Debian