vulnerability

Alpine Linux: CVE-2021-26933: Vulnerability in Multiple Components

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Feb 17, 2021

Added

Mar 26, 2024

Modified

Mar 25, 2026

Description

An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.

Solution

alpine-linux-upgrade-xen

References

CVE-2021-26933
https://attackerkb.com/topics/CVE-2021-26933
https://security.alpinelinux.org/vuln/CVE-2021-26933
https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-13715
EUVD-EUVD-2021-13715

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report