CVE-2021-26933
PUBLISHED
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.
Risk Scores
EPSS Score
0.08%
23.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | xen | 0, 4.5.1-0ubuntu1, 4.6.0-1ubuntu1 |
| Ubuntu:20.04:LTS | xen | *, 0, 4.9.2-0ubuntu2 |
| Ubuntu:18.04:LTS | xen | 4.9.0-0ubuntu3, 4.9.0-0ubuntu4, 4.9.2-0ubuntu1 |
| Ubuntu:25.10 | xen | 4.20.0+68-g35cb38b222-1, 4.20.0-1ubuntu1, 0 |
| Ubuntu:24.04:LTS | xen | *, 4.17.2-1, * |
| Ubuntu:22.04:LTS | xen | 4.16.0-1~ubuntu2.1, 4.16.0-1~ubuntu2, 4.11.4+24-gddaaccbbab-1ubuntu2 |
Timeline
- Feb 17, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-26933 third-party-advisory
- https://www.openwall.com/lists/oss-security/2021/02/16/5 third-party-advisory
- https://xenbits.xen.org/xsa/advisory-364.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-26933 third-party-advisory