CVE编号
CVE-2021-28691利用情况
暂无补丁情况
官方补丁披露时间
2021-06-29漏洞描述
Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can force Linux netback to disable the interface and terminate the receive kernel thread associated with queue 0 in response to the frontend sending a malformed packet. Such kernel thread termination will lead to a use-after-free in Linux netback when the backend is destroyed, as the kernel thread associated with queue 0 will have already exited and thus the call to kthread_stop will be performed against a stale pointer.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://security.gentoo.org/glsa/202107-30 | |
| https://security.netapp.com/advisory/ntap-20210805-0002/ | |
| https://xenbits.xenproject.org/xsa/advisory-374.txt |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | kernel | * |
Up to (excluding) 5.10.47-39.130.amzn2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | linux | linux_kernel | * |
From (including) 5.5.0 |
Up to (excluding) 5.12.2 |
||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | linux | * |
Up to (excluding) 4.13.0-16.19 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_20.04 | linux-kvm | * |
Up to (excluding) 5.8.0-1042.44~20.04.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_21.04 | linux-kvm | * |
Up to (excluding) 5.11.0-31.33 |
|||||
- 攻击路径 远程
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 N/A
- 补丁情况 官方补丁
- 数据保密性 N/A
- 数据完整性 传输被破坏
- 服务器危害 DoS
- 全网数量 N/A
还没有评论,来说两句吧...