CVE-2021-28693
CVE-2021-28693 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. Summary: "xen/arm: Boot modules are not scrubbed". The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain's memory. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
xen/arm: Boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain's memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Xen | Xen | >= 4.12.0, <= 4.15.0 | — |
| Xen | Xen | 4.15.0 | Rc1 |
References
- https://security.gentoo.org/glsa/202107-30 (Third Party Advisory)
- https://xenbits.xenproject.org/xsa/advisory-372.txt (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
