CVE-2021-28690 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-28690 PUBLISHED

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.

EPSS 0.36% · 57.8th percentile

Risk Scores

EPSS Score

0.36%

57.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	xen	4.6.0-1ubuntu4.3, 4.6.0-1ubuntu4, 4.6.0-1ubuntu4.1
Ubuntu:18.04:LTS	xen	4.9.2-0ubuntu1, 4.9.0-0ubuntu4, 4.9.0-0ubuntu3
Ubuntu:25.10	xen	4.20.0+68-g35cb38b222-1, 0, 4.20.0-1ubuntu1
Ubuntu:20.04:LTS	xen	4.11.3+24-g14b62ab3e5-1ubuntu2, 4.11.3+24-g14b62ab3e5-1ubuntu1, 4.9.2-0ubuntu7
Ubuntu:24.04:LTS	xen	4.17.3+10-g091466ba55-1.1ubuntu3, 0, 4.17.2-1
Ubuntu:22.04:LTS	xen	4.16.0-1~ubuntu2, 0, 4.11.4+24-gddaaccbbab-1ubuntu2

Timeline

Jun 10, 2021 CVE Published
Jun 30, 2021 EPSS Score
Aug 29, 2021 EPSS Score
Oct 27, 2021 EPSS Score
Dec 26, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 23, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 24, 2022 EPSS Score
Jun 22, 2022 EPSS Score
Aug 22, 2022 EPSS Score
Oct 20, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-28690 third-party-advisory
https://xenbits.xen.org/xsa/advisory-377.html third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-28690 third-party-advisory

Open in Interactive Console →