{"id":"CVE-2021-28712","details":"Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as \"driver domains\". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713","modified":"2026-03-15T14:40:57.577754Z","published":"2022-01-05T17:15:09.070Z","related":["MGASA-2021-0588","MGASA-2021-0589","SUSE-SU-2022:0056-1","SUSE-SU-2022:0068-1","SUSE-SU-2022:0079-1","SUSE-SU-2022:0080-1","SUSE-SU-2022:0090-1","SUSE-SU-2022:0131-1","SUSE-SU-2022:0181-1","SUSE-SU-2022:0197-1","SUSE-SU-2022:0362-1","SUSE-SU-2022:0366-1","SUSE-SU-2022:0367-1","SUSE-SU-2022:0371-1","SUSE-SU-2022:0477-1","openSUSE-SU-2022:0056-1","openSUSE-SU-2022:0131-1","openSUSE-SU-2022:0366-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5096"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5050"},{"type":"FIX","url":"https://xenbits.xenproject.org/xsa/advisory-391.txt"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},
{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28712.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}