CVE-2021-28706

EPSS 2.1%

In short

A guest virtual machine can exceed its memory limit by exploiting a calculation error in the hypervisor. When allocated nearly 16TB of memory, it can request more than allowed, bypassing the administrator's restrictions.

Technical detail

CVE-2021-28706 involves an integer overflow in hypercall processing where 32-bit arithmetic on large memory values (near 16TiB) causes the allocation check to compare an overflowed small value against the upper bound instead of the actual requested amount. An authenticated guest with near-maximum memory allocation can exploit this to exceed administrator-enforced memory limits, potentially impacting host stability and resource isolation.

Summary generated and translated by AI from the official description.

guests may exceed their designated memory limit

When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.
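
The wrapped comparison described above, as an added example that is not Xen's code or part of the official description: a simplified C model of a page-count limit check done in 32 bits, next to two overflow-safe forms. The function names, the 4 KiB page size (which puts 2^32 pages at 16 TiB) and the sample values are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: counters are page counts held in 32 bits.
 * Assuming 4 KiB pages, 2^32 pages correspond to 16 TiB. */

/* Flawed form: the sum is computed with 32-bit precision, so a total
 * above 2^32 - 1 wraps to a small number before it is compared. */
static bool may_allocate_32bit(uint32_t tot_pages, uint32_t max_pages,
                               uint32_t nr)
{
    uint32_t total = tot_pages + nr;          /* wraps modulo 2^32 */
    return total <= max_pages;
}

/* Hardened form 1: widen before adding, compare the true total. */
static bool may_allocate_wide(uint32_t tot_pages, uint32_t max_pages,
                              uint32_t nr)
{
    uint64_t total = (uint64_t)tot_pages + nr;
    return total <= max_pages;
}

/* Hardened form 2: stay in 32 bits, but compare the request against
 * the remaining headroom so no addition can wrap. */
static bool may_allocate_headroom(uint32_t tot_pages, uint32_t max_pages,
                                  uint32_t nr)
{
    return tot_pages <= max_pages && nr <= max_pages - tot_pages;
}

int main(void)
{
    /* Constructed values: limit is 16 pages short of 2^32 (just under
     * 16 TiB with 4 KiB pages) and the guest is already at the limit. */
    uint32_t tot = 0xFFFFFFF0u, max = 0xFFFFFFF0u, nr = 0x200u;

    printf("32-bit sum:     %s\n",
           may_allocate_32bit(tot, max, nr) ? "allowed" : "denied");
    printf("64-bit sum:     %s\n",
           may_allocate_wide(tot, max, nr) ? "allowed" : "denied");
    printf("headroom check: %s\n",
           may_allocate_headroom(tot, max, nr) ? "allowed" : "denied");
    return 0;
}
```

With a limit far below 2^32 pages the three checks agree, which matches the description's condition that the guest must be permitted close to 16TiB.
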
Affected products
Xen · xen
