Vulnerabilities > CVE-2021-28693 - Unspecified vulnerability in XEN

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

xen

NVD

Published: 2021-06-30

Updated: 2021-09-21

Summary

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN 4.12.0 XEN XEN 4.12.1 XEN XEN 4.12.2 XEN XEN 4.12.3 XEN XEN 4.12.4 XEN XEN 4.13.0 XEN XEN 4.13.1 XEN XEN 4.13.2 XEN XEN 4.13.3 XEN XEN 4.13.4 XEN XEN 4.14.0 XEN XEN 4.14.1 XEN XEN 4.14.3 XEN XEN 4.15.0	41

References

https://xenbits.xenproject.org/xsa/advisory-372.txt
https://security.gentoo.org/glsa/202107-30