Lucene search

[email protected]CVE-2022-26360

HistoryApr 05, 2022 - 1:15 p.m.

CVE-2022-26360

2022-04-0513:15:07

[email protected]

web.nvd.nist.gov

iommu

rmrr

vt-d

unity map

amd-vi

pci devices

reserved memory regions

dma

interrupts

iommu faults

memory corruption

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.7%

JSON

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, “RMRR”) for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Affected configurations

NVD

Node

xenxenMatch-x86

Node

debiandebian_linuxMatch9.0

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

CPENameOperatorVersion
xen:xenxeneq-

CPE	Name	Operator	Version
xen:xen	xen	eq	-

CNA Affected

[
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "consult Xen advisory XSA-400",
        "status": "unknown"
      }
    ]
  }
]