Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially
enable information disclosure via local access. (CVE-2021-0089)
- An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory
accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones
during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the
operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no
guarantee when all the writes will reach the memory. (CVE-2021-26933)
- x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort
speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details.
Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default
setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend. (CVE-2021-28690)
- inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel
with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, asynchronous
notification of the completion of such commands is not used. Instead, the issuing CPU spin-waits for the
completion of the most recently issued command(s). Some of these waiting loops try to apply a timeout to
fail overly-slow commands. The course of action upon a perceived timeout actually being detected is
inappropriate: - on Intel hardware guests which did not originally cause the timeout may be marked as
crashed, - on AMD hardware higher layer callers would not be notified of the issue, making them continue
as if the IOMMU operation succeeded. (CVE-2021-28692)
- xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...)
in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not
leaked from the modules, Xen must "scrub" them before handing the page over to the allocator.
Unfortunately, it was discovered that modules will not be scrubbed on Arm. (CVE-2021-28693)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 2/16/2021