CVE-2021-28693 Information

Description

xen/arm: Boot modules are not scrubbed

The bootloader will load boot modules (e.g. kernel, initramfs…) in a temporary area before they are copied by Xen to each domain's memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the pages over to the allocator. Unfortunately, it was discovered that modules are not scrubbed on Arm.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://xenbits.xenproject.org/xsa/advisory-372.txt

https://security.gentoo.org/glsa/202107-30

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.5

Base Severity

MEDIUM
