CVE-2021-26933

Name of the Vulnerable Software and Affected Versions Xen versions 4.9 through 4.14.x

Description An issue was discovered in Xen where a guest is allowed to control whether memory accesses are bypassing the cache on Arm systems. This means Xen needs to ensure all writes have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed, resulting in no guarantee when all the writes will reach the memory.

Recommendations For Xen versions 4.9 through 4.14.x, as a temporary workaround, consider implementing additional checks to ensure that all writes have reached the memory before handing over the page to a guest, or restrict access to the cache cleaning operation until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.