CVE-2022-26361

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

16 Jun 2022, 21:01

Type Values Removed Values Added
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5117 - (DEBIAN) https://www.debian.org/security/2022/dsa-5117 - Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

02 May 2022, 12:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/ -

21 Apr 2022, 23:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/ -

19 Apr 2022, 12:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5117 -

14 Apr 2022, 19:17

Type Values Removed Values Added
CPE cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*
References (MISC) https://xenbits.xenproject.org/xsa/advisory-400.txt - (MISC) https://xenbits.xenproject.org/xsa/advisory-400.txt - Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/04/05/3 - (MLIST) http://www.openwall.com/lists/oss-security/2022/04/05/3 - Mailing List, Patch, Third Party Advisory
References (CONFIRM) http://xenbits.xen.org/xsa/advisory-400.html - (CONFIRM) http://xenbits.xen.org/xsa/advisory-400.html - Patch, Vendor Advisory
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : 4.4
v3 : 7.8

05 Apr 2022, 15:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/04/05/3 -
  • (CONFIRM) http://xenbits.xen.org/xsa/advisory-400.html -

05 Apr 2022, 13:21

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-05 13:15

Updated : 2024-02-04 08:15


NVD link : CVE-2022-26361

Mitre link : CVE-2022-26361

CVE.ORG link : CVE-2022-26361


JSON object : View

Products Affected

debian

  • debian_linux

xen

  • xen

fedoraproject

  • fedora