CVE-2021-28690

MEDIUM6.5

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability

Published Jun 29, 2021

Modified 1 years ago

No fix available

Details

x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for details. Mitigating TAA by disabling TSX (the default and preferred option) requires selecting a non-default setting in MSR_TSX_CTRL. This setting isn't restored after S3 suspend.

References

ADVISORYhttps://security.gentoo.org/glsa/202107-30 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2021-28690 WEBhttps://xenbits.xenproject.org/xsa/advisory-377.txt

CVSS Analysis

CVSS v3.1

6.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

NoneI:N

Availability

NoneA:N

6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Ecosystems

Timeline

PublishedJun 29, 2021

ModifiedAug 3, 2024