How severe is CVE-2021-26932?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-26932?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2021-26932

MEDIUM Year: 2021

CVSS v3 Score

5.5

Medium

CVSS v2 Score

1.9

Low

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.

CVE-2006-3547

MEDIUM

CVSS:5.5(Medium)

EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machin...

NVD-CWE-Other2006

CVE-2007-3732

MEDIUM

CVSS:5.5(Medium)

In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRAC...

NVD-CWE-Other2007

CVE-2007-6716

MEDIUM

CVSS:5.5(Medium)

fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a cert...

NVD-CWE-Other2007

CVE-2010-2066

MEDIUM

CVSS:5.5(Medium)

The mext_check_arguments function in fs/ext4/move_extent.c in the Linux kernel before 2.6.35 allows local users to overwrite an append-only file via a MOVE_EXT ioctl call that specifies this file as a...

NVD-CWE-Other2010

CVE-2011-4112

MEDIUM

CVSS:5.5(Medium)

The net subsystem in the Linux kernel before 3.1 does not properly restrict use of the IFF_TX_SKB_SHARING flag, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_...

NVD-CWE-Other2011

CVE-2011-5321

MEDIUM

CVSS:5.5(Medium)

The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and s...

NVD-CWE-Other2011

CVE-2021-26932

Vulnerability Description

Related Vulnerabilities

CVE-2006-3547

CVE-2007-3732

CVE-2007-6716

CVE-2010-2066

CVE-2011-4112

CVE-2011-5321