ALPINE-CVE-2021-28694 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2021-28694 PUBLISHED CVSS 6.800000190734863 MEDIUM

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.21	xen	4.10.1-r2, 0, 4.0.1-r0
Alpine:v3.15	xen	0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.20	xen	4.0.1-r0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.12	xen	4.3.2-r1, 4.2.0-r3, 4.2.0-r2
Alpine:v3.11	xen	4.2.0-r0, 4.13.3-r1, 4.13.3-r0
Alpine:v3.23	xen	4.9.1-r3, 0, 4.0.1-r0
Alpine:v3.17	xen	4.12.0-r3, 4.13.1-r4, 4.13.1-r5
Alpine:v3.13	xen	0, 4.9.1-r2, 4.0.1-r0
Alpine:v3.22	xen	4.1.2-r10, 0, 4.0.1-r0
Alpine:v3.19	xen	4.13.1-r3, 4.13.1-r2, 4.13.1-r1
Alpine:v3.16	xen	4.13.1-r3, 4.13.1-r2, 4.13.1-r1
Alpine:v3.18	xen	4.13.1-r5, 4.13.1-r4, 4.13.1-r2
Alpine:v3.14	xen	4.13.1-r4, 4.13.1-r5, 4.14.0-r0

Timeline

Aug 27, 2021 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2021-28694 advisory

Open in Interactive Console →