CVE-2021-28690 - OpenCVE

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Xen	Xen

Configuration 1 [-]

OR	cpe:2.3:o:xen:xen::::::::
	cpe:2.3:o:xen:xen:4.15.0:rc1::::::

References

Link	Resource
https://security.gentoo.org/glsa/202107-30	Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-377.txt	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: XEN

Published: 2021-06-29T11:16:36

Updated: 2021-07-12T04:06:32

Reserved: 2021-03-18T00:00:00

Link: CVE-2021-28690

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-29T12:15:08.513

Modified: 2021-09-21T16:13:45.407

Link: CVE-2021-28690

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "xen", "vendor": "Xen", "versions": [{"lessThan": "4.12", "status": "unknown", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "4.13.x", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unaffected", "version": "next of xen-unstable", "versionType": "custom"}]}, {"product": "xen", "vendor": "Xen", "versions": [{"status": "affected", "version": "4.12.x"}]}, {"product": "xen", "vendor": "Xen", "versions": [{"status": "affected", "version": "4.11.x"}]}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Andrew Cooper of Citrix.'}]}}}"}], "descriptions": [{"lang": "en", "value": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."}], "metrics": [{"other": {"content": {"description": {"description_data": [{"lang": "eng", "value": "After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak. For full details of the impact, see\nXSA-305."}]}}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "unknown", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-12T04:06:32", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://xenbits.xenproject.org/xsa/advisory-377.txt"}, {"name": "GLSA-202107-30", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202107-30"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xen.org", "ID": "CVE-2021-28690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xen", "version": {"version_data": [{"version_affected": "?<", "version_value": "4.12"}, {"version_affected": ">=", "version_value": "4.13.x"}, {"version_affected": "!>", "version_value": "xen-unstable"}]}}, {"product_name": "xen", "version": {"version_data": [{"version_value": "4.12.x"}]}}, {"product_name": "xen", "version": {"version_data": [{"version_value": "4.11.x"}]}}]}, "vendor_name": "Xen"}]}}, "configuration": {"configuration_data": {"description": {"description_data": [{"lang": "eng", "value": "See XSA-305 for details of susceptibility to TAA.\n\nOnly systems which are susceptible to TAA and have the XSA-305 fix are\nvulnerable. Only systems which support S3 suspend/resume are vulnerable.\n\nThe vulnerability is only exposed if S3 suspend/resume is used."}]}}}, "credit": {"credit_data": {"description": {"description_data": [{"lang": "eng", "value": "This issue was discovered by Andrew Cooper of Citrix."}]}}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."}]}, "impact": {"impact_data": {"description": {"description_data": [{"lang": "eng", "value": "After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak. For full details of the impact, see\nXSA-305."}]}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unknown"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xenproject.org/xsa/advisory-377.txt", "refsource": "MISC", "url": "https://xenbits.xenproject.org/xsa/advisory-377.txt"}, {"name": "GLSA-202107-30", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-30"}]}, "workaround": {"workaround_data": {"description": {"description_data": [{"lang": "eng", "value": "Not using S3 suspend/resume avoids the vulnerability."}]}}}}}}, "cveMetadata": {"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2021-28690", "datePublished": "2021-06-29T11:16:36", "dateReserved": "2021-03-18T00:00:00", "dateUpdated": "2021-07-12T04:06:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E9CE2ED-57BB-4DE3-85AF-3434645E0B96", "versionEndIncluding": "4.15.0", "versionStartIncluding": "4.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "68E7691E-21CB-46E3-823B-4262C9E5C33E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."}, {"lang": "es", "value": "x86: Las protecciones TSX Async Abort no son restauradas despu\u00e9s de S3. Este problema est\u00e1 relacionado con una vulnerabilidad de seguridad especulativa TSX Async Abort. Consulte https://xenbits.xen.org/xsa/advisory-305.html para mayor detalles. La mitigaci\u00f3n de TAA al desactivar TSX (la opci\u00f3n predeterminada y preferida) requiere seleccionar una configuraci\u00f3n no predeterminada en MSR_TSX_CTRL. Esta configuraci\u00f3n no se restaura despu\u00e9s de la suspensi\u00f3n de S3"}], "id": "CVE-2021-28690", "lastModified": "2021-09-21T16:13:45.407", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-29T12:15:08.513", "references": [{"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-30"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-377.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}