Lucene search

XENCVE-2022-26360

HistoryApr 05, 2022 - 1:15 p.m.

CVE-2022-26360

2022-04-0513:15:07

XEN

web.nvd.nist.gov

iommu

rmrr

vt-d

unity map

amd-vi

pci devices

reserved memory regions

dma

interrupts

iommu faults

memory corruption

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

27.5%

JSON

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”) for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Affected configurations

Nvd

Node

xenxenMatch-x86

Node

debiandebian_linuxMatch9.0

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

VendorProductVersionCPE
xenxen-cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	-	cpe:2.3:o:xen:xen:-::::::x86:
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*

CNA Affected

[
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "consult Xen advisory XSA-400",
        "status": "unknown"
      }
    ]
  }
]