CVE-2021-28039

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-28039
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28039.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-28039
Downstream
Published
2021-03-05T18:15:13.190Z
Modified
2026-04-16T00:11:39.196478033Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIGXENUNPOPULATEDALLOC but not CONFIGXENBALLOONMEMORY_HOTPLUG.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "introduced": "5.9.x"
                },
                {
                    "fixed": "5.11.3"
                }
            ]
        }
    ]
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
882213990d32fd224340a4533f6318dd152be4b2
Database specific 
{
    "source": "REFERENCES"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-28039.json"