CVE-2021-28713
Public on 2022-01-05
Modified on 2022-02-04
Description
A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests.
A local user could use this flaw to starve the resources resulting in a denial of service.
A local user could use this flaw to starve the resources resulting in a denial of service.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | kernel | 2022-02-04 | ALAS-2022-1563 | Fixed |
| Amazon Linux 1 | kernel | 2023-02-17 | ALAS-2023-1688 | Fixed |
| Amazon Linux 2 - Core | kernel | 2022-02-04 | ALAS2-2022-1749 | Fixed |
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-01-26 | ALAS2KERNEL-5.10-2022-009 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-01-26 | ALAS2KERNEL-5.4-2022-021 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 2.1 | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| NVD | CVSSv3 | 6.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |