CVE-2021-28702

Published: Oct 6, 2021Modified: Nov 21, 2024

7.6

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 6.0

Source: NVD

Description

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Affected (5)

Products: Xen: Xen · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	From 4.13.0 to 4.15.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (14)

http://www.openwall.com/lists/oss-security/2021/10/07/2

Source: security@xen.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OIHEJ3R3EH5DYI2I5UMD2ULJ2ELA3EX/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDPRMOBBLS74ONYP3IXZZXSTLKR7GRQB/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAWV6PO2KUGVZTESERECOBUBZ6X45I7/

Source: security@xen.org

https://security.gentoo.org/glsa/202208-23

Source: security@xen.org

Third Party Advisory

https://www.debian.org/security/2021/dsa-5017

Source: security@xen.org

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-386.txt

Source: security@xen.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2021/10/07/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OIHEJ3R3EH5DYI2I5UMD2ULJ2ELA3EX/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDPRMOBBLS74ONYP3IXZZXSTLKR7GRQB/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAWV6PO2KUGVZTESERECOBUBZ6X45I7/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202208-23

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2021/dsa-5017

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-386.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.