CVE-2021-47377
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date: May 21, 2024, 3:15 p.m.

Last Modified: May 28, 2024, 7:15 p.m.

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable: No

Impact Score:

Exploitability Score:

Affected Products

The following products are affected by the CVE-2021-47377 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel


The following table lists the changes that have been made to the CVE-2021-47377 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Translated by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
    Removed Translation Title: Linux kernel Description: In the Linux kernel, the following vulnerability has been resolved: xen/balloon: use a kernel thread instead of a workqueue. Today Xen ballooning is done via delayed work in a workqueue. This might result in workqueue hangups being reported when large amounts of memory are ballooned in one go (here 16 GB): BUG: workqueue lockup - pool cpus=6 node=0 flags=0x0 nice=0 stuck for 64s! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 in-flight: 229:balloon_process pending: cache_reap workqueue events_freezable_power_: flags=0x84 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: disk_events_workfn workqueue mm_percpu_wq: flags=0x8 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: vmstat_update pool 12: cpus=6 node=0 flags=0x0 nice=0 hung=64s workers=3 idle: 2222 43 This can easily be avoided by using a dedicated kernel thread for doing the ballooning work.
  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
    Changed Description
    Old Value: In the Linux kernel, the following vulnerability has been resolved: xen/balloon: use a kernel thread instead a workqueue Today the Xen ballooning is done via delayed work in a workqueue. This might result in workqueue hangups being reported in case of large amounts of memory are being ballooned in one go (here 16GB): BUG: workqueue lockup - pool cpus=6 node=0 flags=0x0 nice=0 stuck for 64s! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 in-flight: 229:balloon_process pending: cache_reap workqueue events_freezable_power_: flags=0x84 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: disk_events_workfn workqueue mm_percpu_wq: flags=0x8 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: vmstat_update pool 12: cpus=6 node=0 flags=0x0 nice=0 hung=64s workers=3 idle: 2222 43 This can easily be avoided by using a dedicated kernel thread for doing the ballooning work.
    New Value: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed Reference kernel.org https://git.kernel.org/stable/c/c5d5a43dd2b649a0a290bfed00fb76d1aff89be6
    Removed Reference kernel.org https://git.kernel.org/stable/c/6bba79c6a073741b672b0bf86a1f03c0fe47f973
    Removed Reference kernel.org https://git.kernel.org/stable/c/29917bbb07c30be295dece245c7c21872e1a6fbb
    Removed Reference kernel.org https://git.kernel.org/stable/c/372d3e6ea1e115942fdfb4b25f7003d822d071be
    Removed Reference kernel.org https://git.kernel.org/stable/c/922fd5b6bb13ad31ff36e86e2eba2f26d8135272
    Removed Reference kernel.org https://git.kernel.org/stable/c/8480ed9c2bbd56fc86524998e5f2e3e22f5038f6
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 21, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: xen/balloon: use a kernel thread instead a workqueue Today the Xen ballooning is done via delayed work in a workqueue. This might result in workqueue hangups being reported in case of large amounts of memory are being ballooned in one go (here 16GB): BUG: workqueue lockup - pool cpus=6 node=0 flags=0x0 nice=0 stuck for 64s! Showing busy workqueues and worker pools: workqueue events: flags=0x0 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=2/256 refcnt=3 in-flight: 229:balloon_process pending: cache_reap workqueue events_freezable_power_: flags=0x84 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: disk_events_workfn workqueue mm_percpu_wq: flags=0x8 pwq 12: cpus=6 node=0 flags=0x0 nice=0 active=1/256 refcnt=2 pending: vmstat_update pool 12: cpus=6 node=0 flags=0x0 nice=0 hung=64s workers=3 idle: 2222 43 This can easily be avoided by using a dedicated kernel thread for doing the ballooning work.
    Added Reference kernel.org https://git.kernel.org/stable/c/c5d5a43dd2b649a0a290bfed00fb76d1aff89be6 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/6bba79c6a073741b672b0bf86a1f03c0fe47f973 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/29917bbb07c30be295dece245c7c21872e1a6fbb [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/372d3e6ea1e115942fdfb4b25f7003d822d071be [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/922fd5b6bb13ad31ff36e86e2eba2f26d8135272 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/8480ed9c2bbd56fc86524998e5f2e3e22f5038f6 [No types assigned]