Vulnerability CVE-2021-28690

Vulnerability Name:

CVE-2021-28690 (CCN-203195)

Assigned:

2021-06-08

Published:

2021-06-08

Updated:

2021-09-21

Summary:

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.

CVSS v3 Severity:

6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-28690

Source: CCN
Type: Xen Security Advisory XSA-377
x86: TSX Async Abort protections not restored after S3

Source: XF
Type: UNKNOWN
xen-cve202128690-info-disc(203195)

Source: GENTOO
Type: Third Party Advisory
GLSA-202107-30

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-28690

Source: MISC
Type: Patch, Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-377.txt

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:*:* (Version >= 4.12 and <= 4.15.0)

OR cpe:/o:xen:xen:4.15.0:rc1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7987	P	apache-commons-compress-1.21-150200.3.13.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8050	P	perl-Archive-Extract-0.80-1.24 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51952	P	Security update for libX11 (Moderate)	2022-11-15
oval:org.opensuse.security:def:767	P	Security update for sqlite3 (Moderate)	2022-09-19
oval:org.opensuse.security:def:95375	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3479	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3668	P	librelp0-1.2.12-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94591	P	kernel-firmware-all-20220119-150400.2.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:93134	P	(Important)	2022-05-10
oval:org.opensuse.security:def:102088	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:99733	P	(Important)	2022-04-13
oval:org.opensuse.security:def:6160	P	Security update for apache2 (Important)	2022-02-16
oval:org.opensuse.security:def:41886	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:46316	P	Security update for xen (Moderate)	2021-12-01
oval:org.opensuse.security:def:30256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:55256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:82640	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:29433	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:55959	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:83343	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:30136	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:56079	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:83463	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:111049	P	Security update for xen (Important)	2021-09-07
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58820	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86143	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57088	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84207	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86645	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57502	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84665	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:87461	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31679	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58004	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:85729	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:23666	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:51654	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:23964	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:8650	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88501	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:127162	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:99141	P	(Important)	2021-09-03
oval:org.opensuse.security:def:59534	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89189	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33711	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:59792	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:125597	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:70290	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89447	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:10150	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:69536	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33969	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88185	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:126765	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:9396	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:5827	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:67249	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:98946	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:117484	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:96068	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:1627	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:10335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92584	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99674	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69725	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:34528	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64568	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:109424	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:76317	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:93287	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101498	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9585	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:91996	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102758	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69076	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:118520	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:26117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:111699	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73690	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92783	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99988	P	(Important)	2021-09-02
oval:org.opensuse.security:def:8835	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69924	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100043	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64757	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102203	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9784	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92191	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99139	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69139	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:107970	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73879	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92981	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100324	P	(Important)	2021-09-02
oval:org.opensuse.security:def:9030	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101304	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:66916	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:5104	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92385	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99411	P	(Important)	2021-09-02
oval:org.opensuse.security:def:99534	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:60351	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:42117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:108754	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:75984	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100653	P	(Important)	2021-09-02
oval:org.opensuse.security:def:70475	P	Security update for xen (Important)	2021-09-02

BACK