CVE-2021-27379

NameCVE-2021-27379
DescriptionAn issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4888-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster, buster (security)4.11.4+107-gef32c7afa2-1fixed
bullseye (security), bullseye4.14.3-1~deb11u1fixed
bookworm, sid4.14.3+32-g9de3671772-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcestretch(not affected)
xensourcebuster4.11.4+99-g8bce4698f6-1DSA-4888-1
xensource(unstable)4.14.0+80-gd101b417b7-1

Notes

[stretch] - xen <not-affected> (Incomplete fix for CVE-2020-15565 not applied)
https://xenbits.xen.org/xsa/advisory-366.html
Mark first version in 4.14.x which landed in unstable as fixed, though
the issue more precisely only affects Xen versions up to 4.11 with version
containing broken backport for XSA-321 / CVE-2020-15565

Search for package or bug name: Reporting problems