CVE-2021-28693
Summary
| CVE | CVE-2021-28693 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-30 11:15:00 UTC |
| Updated | 2021-09-21 16:14:00 UTC |
| Description | xen/arm: Boot modules are not scrubbed. The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| xenbits.xenproject.org/xsa/advisory-372.txt | MISC | xenbits.xenproject.org | |
| Xen: Multiple vulnerabilities (GLSA 202107-30) — Gentoo security | GENTOO | security.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Legacy QID Mappings
- 180484 Debian Security Update for xen (CVE-2021-28693)
- 281644 Fedora Security Update for xen (FEDORA-2021-993693c914)
- 281645 Fedora Security Update for xen (FEDORA-2021-41d4347447)
- 500800 Alpine Linux Security Update for xen
- 501518 Alpine Linux Security Update for xen
- 501796 Alpine Linux Security Update for xen
- 504543 Alpine Linux Security Update for xen
- 710038 Gentoo Linux Xen Multiple vulnerabilities (GLSA 202107-30)
- 751074 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:2925-1)
- 751083 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2021:2924-1)
- 751100 OpenSUSE Security Update for xen (openSUSE-SU-2021:2923-1)
- 751111 OpenSUSE Security Update for xen (openSUSE-SU-2021:1236-1)