IOMMU Handling Issues in PCI Devices by Intel and AMD
CVE-2022-26359

7.8HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 5 April 2022

What is CVE-2022-26359?

This vulnerability arises from improper handling of Reserved Memory Regions (RMRR) for Intel VT-d and Unity Mapping for AMD-Vi in certain PCI devices. These discrepancies occur in systems where specific tasks, like legacy USB emulation, rely on the proper accessibility of these reserved regions. The failure to maintain continuous access to these mappings can lead to unpredictable device behavior, including potential IOMMU faults and memory corruption, jeopardizing the stability and security of affected systems.

Affected Version(s)

xen consult Xen advisory XSA-400

References

https://xenbits.xenproject.org/xsa/advisory-400.txt

http://xenbits.xen.org/xsa/advisory-400.html

http://www.openwall.com/lists/oss-security/2022/04/05/3

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2022
Vulnerability Reserved
Mar 2, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix.'}]}}}

Xen Project

What is CVE-2022-26359?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit