CVE-2021-26931
MEDIUMLinux Kernel 2.6.39-5.10.16 - Denial of Service via Xen Block/Net/SCSI Backend Error Handling
Title source: llmDescription
An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html
Patch, Third Party Advisory
http://xenbits.xen.org/xsa/advisory-362.html
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210326-0001/
Scores
CVSS v3
5.5
EPSS
0.0054
EPSS Percentile
41.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (4)
debian/debian_linux
9.0
fedoraproject/fedora
32
fedoraproject/fedora
33
linux/linux_kernel
2.6.39 - 5.10.16
Published
Feb 17, 2021
Tracked Since
Feb 18, 2026