VDB
CVE-2021-28693
CVE-2021-28693
PUBLISHED
xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.
EPSS 0.06% · 19.0th percentile
Risk Scores
EPSS Score
0.06%
19.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | xen | 4.9.0-0ubuntu3, 4.9.0-0ubuntu4, 0 |
| Ubuntu:25.10 | xen | 0, 4.20.0-1ubuntu1, 4.20.0+68-g35cb38b222-1 |
| Ubuntu:22.04:LTS | xen | 4.16.0-1~ubuntu2.1, 4.16.0-1~ubuntu2, 0 |
| Ubuntu:24.04:LTS | xen | 4.17.2+55-g0b56bed864-1, 4.17.2+76-ge1f9cb16e2-1ubuntu1, 4.17.3+10-g091466ba55-1 |
| Ubuntu:16.04:LTS | xen | 0, 4.5.1-0ubuntu1, 4.6.0-1ubuntu2 |
| Ubuntu:20.04:LTS | xen | 4.9.2-0ubuntu2, 4.9.2-0ubuntu6, 4.9.2-0ubuntu7 |
Timeline
- Jun 10, 2021 CVE Published
- Jul 1, 2021 EPSS Score
- Aug 30, 2021 EPSS Score
- Oct 29, 2021 EPSS Score
- Dec 28, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 26, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 28, 2022 EPSS Score
- Jun 27, 2022 EPSS Score
- Aug 27, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-28693 third-party-advisory
- https://xenbits.xen.org/xsa/advisory-372.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-28693 third-party-advisory