CVE-2021-28693 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-28693 PUBLISHED

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.

EPSS 0.06% · 18.7th percentile

Risk Scores

EPSS Score

0.06%

18.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	xen	0, 4.9.2-0ubuntu1, 4.9.0-0ubuntu4
Ubuntu:25.10	xen	0, 4.20.0+68-g35cb38b222-1, 4.20.0-1ubuntu1
Ubuntu:22.04:LTS	xen	4.11.4+24-gddaaccbbab-1ubuntu2, 4.16.0-1~ubuntu2, 4.16.0-1~ubuntu2.1
Ubuntu:24.04:LTS	xen	4.17.2-1, 4.17.2+55-g0b56bed864-1, 4.17.2+76-ge1f9cb16e2-1ubuntu1
Ubuntu:16.04:LTS	xen	0, 4.5.1-0ubuntu1, 4.5.1-0ubuntu2
Ubuntu:20.04:LTS	xen	4.11.3+24-g14b62ab3e5-1ubuntu2.3, 4.11.3+24-g14b62ab3e5-1ubuntu2.2, 4.11.3+24-g14b62ab3e5-1ubuntu2

Timeline

Jun 10, 2021 CVE Published
Jul 1, 2021 EPSS Score
Aug 30, 2021 EPSS Score
Oct 28, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 24, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 25, 2022 EPSS Score
Jun 23, 2022 EPSS Score
Aug 23, 2022 EPSS Score
Oct 21, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-28693 third-party-advisory
https://xenbits.xen.org/xsa/advisory-372.html third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-28693 third-party-advisory

Open in Interactive Console →