{"containers":{"cna":{"affected":[{"product":"xen","vendor":"Xen","versions":[{"lessThan":"4.12","status":"unknown","version":"unspecified","versionType":"custom"},{"lessThan":"unspecified","status":"affected","version":"4.13.x","versionType":"custom"},{"lessThan":"unspecified","status":"unaffected","version":"next of xen-unstable","versionType":"custom"}]},{"product":"xen","vendor":"Xen","versions":[{"status":"affected","version":"4.12.x"}]},{"product":"xen","vendor":"Xen","versions":[{"status":"affected","version":"4.11.x"}]}],"credits":[{"lang":"en","value":"This issue was discovered by Andrew Cooper of Citrix."}],"descriptions":[{"lang":"en","value":"x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."}],"metrics":[{"other":{"content":{"description":{"description_data":[{"lang":"eng","value":"After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak.  
For full details of the impact, see\nXSA-305."}]}},"type":"unknown"}}],"problemTypes":[{"descriptions":[{"description":"unknown","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-07-12T04:06:32.000Z","orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN"},"references":[{"tags":["x_refsource_MISC"],"url":"https://xenbits.xenproject.org/xsa/advisory-377.txt"},{"name":"GLSA-202107-30","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"https://security.gentoo.org/glsa/202107-30"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@xen.org","ID":"CVE-2021-28690","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"xen","version":{"version_data":[{"version_affected":"?<","version_value":"4.12"},{"version_affected":">=","version_value":"4.13.x"},{"version_affected":"!>","version_value":"xen-unstable"}]}},{"product_name":"xen","version":{"version_data":[{"version_value":"4.12.x"}]}},{"product_name":"xen","version":{"version_data":[{"version_value":"4.11.x"}]}}]},"vendor_name":"Xen"}]}},"configuration":{"configuration_data":{"description":{"description_data":[{"lang":"eng","value":"See XSA-305 for details of susceptibility to TAA.\n\nOnly systems which are susceptible to TAA and have the XSA-305 fix are\nvulnerable.  Only systems which support S3 suspend/resume are vulnerable.\n\nThe vulnerability is only exposed if S3 suspend/resume is used."}]}}},"credit":{"credit_data":{"description":{"description_data":[{"lang":"eng","value":"This issue was discovered by Andrew Cooper of Citrix."}]}}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. 
Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend."}]},"impact":{"impact_data":{"description":{"description_data":[{"lang":"eng","value":"After using S3 suspend at least once, CPU0 remains vulnerable to TAA.\n\nThis is an information leak.  For full details of the impact, see\nXSA-305."}]}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unknown"}]}]},"references":{"reference_data":[{"name":"https://xenbits.xenproject.org/xsa/advisory-377.txt","refsource":"MISC","url":"https://xenbits.xenproject.org/xsa/advisory-377.txt"},{"name":"GLSA-202107-30","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/202107-30"}]},"workaround":{"workaround_data":{"description":{"description_data":[{"lang":"eng","value":"Not using S3 suspend/resume avoids the vulnerability."}]}}}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T21:47:33.124Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://xenbits.xenproject.org/xsa/advisory-377.txt"},{"name":"GLSA-202107-30","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"https://security.gentoo.org/glsa/202107-30"}]}]},"cveMetadata":{"assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","assignerShortName":"XEN","cveId":"CVE-2021-28690","datePublished":"2021-06-29T11:16:36.000Z","dateReserved":"2021-03-18T00:00:00.000Z","dateUpdated":"2024-08-03T21:47:33.124Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}