Home > Vulnerability Database > CVE-2021-28693

Mend.io Vulnerability Database

CVE-2021-28693

Date: June 30, 2021

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.

Language: C

Severity Score

5.5

Related Resources (6)

Url: https://security.gentoo.org/glsa/202107-30

Url: https://security.alpinelinux.org/vuln/CVE-2021-28693

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-28693

Url: https://xenbits.xenproject.org/xsa/advisory-372.txt

Url: https://security-tracker.debian.org/tracker/CVE-2021-28693

Url: https://www.mend.io/vulnerability-database/CVE-2021-28693

Severity Score

5.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-28693

Date: June 30, 2021

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?