CVE-2021-28690 — XEN vulnerability

4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 41.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJun 29

Latest updateMay 24

Description

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5xen/xen4.13.x — unspecified+2

▶debiandebian/xen< xen 4.14.2+25-gb6a8c4f72d-1 (bookworm)

▶Debianxen/xen< 4.14.2+25-gb6a8c4f72d-1+3

▶NVDxen/xen4.12 — 4.15.0+1

Patches

Patch: xenbits.xenproject.org ↗Patch: xenbits.xenproject.org ↗

🔴Vulnerability Details

GHSA

GHSA-7qwx-5h4j-5c9w: x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability↗2022-05-24

▶

OSV

CVE-2021-28690: x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability↗2021-06-29

▶

📋Vendor Advisories

Debian

CVE-2021-28690: xen - x86: TSX Async Abort protections not restored after S3 This issue relates to the...↗2021

▶