CVE-2022-26360

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

16 Jun 2022, 20:45

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/ - Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/ - Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5117 - (DEBIAN) https://www.debian.org/security/2022/dsa-5117 - Third Party Advisory

02 May 2022, 12:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/ -

21 Apr 2022, 23:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/ -

19 Apr 2022, 12:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5117 -

14 Apr 2022, 19:21

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References (MISC) https://xenbits.xenproject.org/xsa/advisory-400.txt - (MISC) https://xenbits.xenproject.org/xsa/advisory-400.txt - Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/04/05/3 - (MLIST) http://www.openwall.com/lists/oss-security/2022/04/05/3 - Mailing List, Patch, Third Party Advisory
References (CONFIRM) http://xenbits.xen.org/xsa/advisory-400.html - (CONFIRM) http://xenbits.xen.org/xsa/advisory-400.html - Patch, Vendor Advisory
CPE cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*
CVSS v2 : unknown
v3 : unknown
v2 : 4.4
v3 : 7.8

05 Apr 2022, 15:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/04/05/3 -
  • (CONFIRM) http://xenbits.xen.org/xsa/advisory-400.html -

05 Apr 2022, 13:21

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-05 13:15

Updated : 2024-02-04 08:15


NVD link : CVE-2022-26360

Mitre link : CVE-2022-26360

CVE.ORG link : CVE-2022-26360


JSON object : View

Products Affected

debian

  • debian_linux

xen

  • xen

fedoraproject

  • fedora