Detections
Analytics

FreeBSD : FreeBSD -- Xen grant mapping error handling issues (5b8c6e1e-770f-11eb-b87a-901b0ef719ab)

medium Nessus Plugin ID 146833

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation.

Unfortunately, when running in HVM/PVH mode, the FreeBSD backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Impact : A malicious or buggy frontend driver may be able to cause resource leaks in the domain running the corresponding backend driver.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?10ec28c7

Plugin Details

Severity: Medium

ID: 146833

File Name: freebsd_pkg_5b8c6e1e770f11ebb87a901b0ef719ab.nasl

Version: 1.2

Type: local

Published: 2/25/2021

Updated: 3/1/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 1.9

Temporal Score: 1.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-26932

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:freebsd, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2/25/2021

Vulnerability Publication Date: 2/24/2021

Reference Information

CVE: CVE-2021-26932

FreeBSD: SA-21:06.xen