UBUNTU-CVE-2021-28039

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2021-28039
Published: 05 Mar 2021, 18:15
Last modified:24 Oct 2025, 04:50

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

05 Mar 2021, 18:15
Published
Vulnerability first disclosed
24 Oct 2025, 04:50
Last Modified
Vulnerability information updated

Description

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Affected Systems

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-azure

    all

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-gcp

    all

  • ubuntulinux-gcp-5.3

    all

  • ubuntulinux-gcp-edge

    all

  • ubuntulinux-gke-4.15

    all

  • ubuntulinux-hwe

    all

  • ubuntulinux-hwe-edge

    all | all

  • ubuntulinux-oem

    all

  • ubuntulinux-oracle-5.0

    all

  • ubuntulinux-oracle-5.3

    all

  • ubuntulinux-raspi2

    all

  • ubuntulinux-riscv

    all

References (5)