CVE-2021-28693

Name
CVE-2021-28693
Description
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://xenbits.xenproject.org/xsa/advisory-372.txt
Third Party Advisory https://security.gentoo.org/glsa/202107-30

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* xen >= 4.12.0 <= None
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* xen >= 4.12.0 <= 4.15.0
cpe:2.3:o:xen:xen:4.15.0:rc1:*:*:*:*:*:* xen == None == 4.15.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen 3.11-main 4.13.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.12-main 4.13.4-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.13-main 4.14.5-r7 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.14-main 4.15.4-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.15-main 4.15.5-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.16-main 4.16.6-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.18.2-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.20-main 4.18.3-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.19-main 4.18.3-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.18-main 4.17.5-r1 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.17-main 4.16.6-r2 Natanael Copa <ncopa@alpinelinux.org> fixed