CVE-2021-28706

Summary

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.

Affected Software

VendorProductVersion RangeStatus
Xenxen4.12.xaffected
Xenxenunspecified < 4.12unknown
Xenxen4.14.x < unspecifiedaffected
Xenxennext of 4.15.x < unspecifiedunaffected
Xenxenxen-unstableaffected
Xenxen4.13.xaffected

Weaknesses

  • unknown

ADP Enrichment

CVE Program Container

Additional References

References