exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2021-28715

Status Candidate

Overview

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)

Related Files

Ubuntu Security Notice USN-5377-1
Posted Apr 13, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5377-1 - It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-4135, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2021-45469, CVE-2021-45480, CVE-2022-0435, CVE-2022-0492, CVE-2022-1055, CVE-2022-27666
SHA-256 | 7e8bb3e3236447d1446aec7cdf4a4e028e781bb1a791ee70ba7d1d4a0e3b9b7b
Download | Favorite | View
Ubuntu Security Notice USN-5368-1
Posted Apr 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5368-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135, CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095, CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-1055, CVE-2022-23222, CVE-2022-27666
SHA-256 | 5d0b16263370f4a729db7ba7a5a7cdbc7ade51f3de840e5c97e95000dd201eb7
Download | Favorite | View
Debian Security Advisory 5096-1
Posted Mar 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5096-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2020-29374, CVE-2020-36322, CVE-2021-20317, CVE-2021-20321, CVE-2021-20322, CVE-2021-22600, CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-28950, CVE-2021-3640, CVE-2021-3744
SHA-256 | 75c044bf4d2e418a7cc68e74ff3d6f180013990253cbe7731409a07b3b799fa7
Download | Favorite | View
Ubuntu Security Notice USN-5338-1
Posted Mar 22, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5338-1 - Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges. J

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-4135, CVE-2021-43976, CVE-2021-44733, CVE-2021-45095, CVE-2021-45480, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516
SHA-256 | 8237e5780ec9d5762a287998415d277ae8d9148196c501305fc7c81735e15f4e
Download | Favorite | View
Ubuntu Security Notice USN-5337-1
Posted Mar 22, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5337-1 - It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the Linux kernel did not properly restrict access to the cgroups v1 release_agent feature. A local attacker could use this to gain administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-28711, CVE-2021-28715, CVE-2021-39685, CVE-2021-39698, CVE-2021-4135, CVE-2021-4197, CVE-2021-43975, CVE-2021-44733, CVE-2021-45095, CVE-2021-45402, CVE-2021-45480, CVE-2022-0264, CVE-2022-0382, CVE-2022-0435, CVE-2022-0492, CVE-2022-0516, CVE-2022-0742, CVE-2022-23222
SHA-256 | 4dff7bdfe15d8b868bc4461cfd70105479202ceeccf3bca61cd797c093e0dd5a
Download | Favorite | View
Debian Security Advisory 5050-1
Posted Jan 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5050-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2021-28711, CVE-2021-28712, CVE-2021-28713, CVE-2021-28714, CVE-2021-28715, CVE-2021-39685, CVE-2021-4155, CVE-2021-45095, CVE-2021-45469, CVE-2021-45480, CVE-2022-0185, CVE-2022-23222
SHA-256 | 201719841d62e63a9df601bb25c6296f57bb40b4ff04b69e300f0b1ed9ce5c7a
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close