CVE-2021-28689

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Xen (affected versions not specified)

Description The issue is related to the implementation of paravirtualization (PV) mode in the Xen hypervisor, specifically with the use of the Indirect Branch Restricted Speculation (IBRS) mechanism. This could allow an attacker to gain unauthorized access to protected information. The problem arises because IBRS does not protect ring 0 from predictions learned in ring 1, which can lead to speculative execution side-channel attacks, including Spectre v2. The situation is similar for other mitigations of speculative execution attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-212

Related Identifiers

BDU:2021-03554

CVE-2021-28689

OPENSUSE-SU-2022_3665-1

SUSE-SU-2021:1648-1

SUSE-SU-2021_1648-1

SUSE-SU-2022:3665-1

SUSE-SU-2022:3728-1

SUSE-SU-2022:3925-1

SUSE-SU-2022:3928-1

SUSE-SU-2022:3971-1

SUSE-SU-2022:4051-1

SUSE-SU-2022:4241-1

SUSE-SU-2022_3665-1

SUSE-SU-2022_3728-1

SUSE-SU-2022_3925-1

SUSE-SU-2022_3928-1

SUSE-SU-2022_3971-1

SUSE-SU-2022_4051-1

SUSE-SU-2022_4241-1

Affected Products

Debian

Suse

Xen

CVE-2021-28689

Weakness Enumeration

Related Identifiers

Affected Products

References · 74