Lucene search

K
cve[email protected]CVE-2021-28694
HistoryAug 27, 2021 - 7:15 p.m.

CVE-2021-28694

2021-08-2719:15:07
web.nvd.nist.gov
114
7
iommu
page mapping
x86
amd
intel
acpi
memory
vulnerability
cve-2021-28694
cve-2021-28695
cve-2021-28696
nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn’t have access to anymore (CVE-2021-28696).

Affected configurations

NVD
Node
xenxen
Node
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
OR
fedoraprojectfedoraMatch35
Node
debiandebian_linuxMatch11.0
CPENameOperatorVersion
xen:xenxeneq*

CNA Affected

[
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "affected",
        "version": "4.11.x"
      }
    ]
  },
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "affected",
        "version": "xen-unstable"
      }
    ]
  },
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "affected",
        "version": "4.12.x"
      }
    ]
  },
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "affected",
        "version": "4.14.x"
      }
    ]
  },
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "affected",
        "version": "4.15.x"
      }
    ]
  },
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "affected",
        "version": "4.13.x"
      }
    ]
  }
]

Social References

More

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.2%