active/CVE-2021-28714


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Description: Guest can force Linux netback driver to hog large amounts of kernel memory
References:
 https://xenbits.xen.org/xsa/advisory-392.html
 https://xenbits.xen.org/xsa/xsa392-linux-1.patch
Notes:
 carnil> Commit fixes 1d5d48523900 ("xen-netback: require fewer guest Rx
 carnil> slots when not using GSO") in 4.3-rc1.
 carnil> Fixed as well in 5.15.11 for 5.15.y.
Bugs:
upstream: pending [6032046ec4b70176d247a71836186d47b25d1684]
5.10-upstream-stable: released (5.10.88) [525875c410df5d876b9615c44885ca7640aed6f2]
4.19-upstream-stable: released (4.19.222) [1de7644eac41981817fb66b74e0f82ca4477dc9d]
4.9-upstream-stable: released (4.9.294) [1f66dc775092e5a353e0155fc3aca5dabce77c63]
sid: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: needed