IOMMU Handling Issues Affecting Xen Project PCI Devices
CVE-2022-26358

7.8HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 5 April 2022

What is CVE-2022-26358?

The vulnerability relates to improper handling of Reserved Memory Regions (RMRR) in Intel VT-d and Unity Mapping ranges in AMD-Vi for certain PCI devices. When a device assigned to these regions becomes active, its continuous access is crucial; however, this requirement is violated, leading to potential unpredictable behavior. Issues can arise from direct memory access (DMA) operations or interrupts, resulting in IOMMU faults or memory corruption risks.

Affected Version(s)

xen consult Xen advisory XSA-400

References

https://xenbits.xenproject.org/xsa/advisory-400.txt

http://xenbits.xen.org/xsa/advisory-400.html

http://www.openwall.com/lists/oss-security/2022/04/05/3

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2022
Vulnerability Reserved
Mar 2, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix.'}]}}}