CVE-2021-0089 — Observable Discrepancy in XEN

CWE-203 — Observable Discrepancy CWE-1420 — Exposure of Sensitive Information during Transient Execution6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 82.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedJun 9

Latest updateMay 2

Description

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

▶debiandebian/xen< xen 4.14.2+25-gb6a8c4f72d-1 (bookworm)

▶Debianxen/xen< 4.14.2+25-gb6a8c4f72d-1+3

Also affects: Debian Linux 10.0, Fedora 33, 34

🔴Vulnerability Details

GHSA

GHSA-hhg2-c4p3-h55x: Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access↗2022-05-24

▶

OSV

CVE-2021-0089: Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access↗2021-06-09

▶

📋Vendor Advisories

CISA ICS

Mitsubishi Electric Factory Automation Products↗2023-05-02

▶

Debian

CVE-2021-0089: xen - Observable response discrepancy in some Intel(R) Processors may allow an authori...↗2021

▶

📐Framework References

CWE

Exposure of Sensitive Information during Transient Execution↗

▶