IOMMU Vulnerability in PCI Devices by Vendor Impacting System Integrity
CVE-2022-26360

7.8HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 5 April 2022

🔔 Create Xen Project Vulnerability Alert

What is CVE-2022-26360?

This vulnerability arises from improper handling of Reserved Memory Regions (RMRR) in Intel VT-d and Unity Mapping ranges in AMD-Vi. The issue can occur in certain PCI devices that require continuous access to their respective mappings for correct operation. When a device associated with a reserved memory region becomes active, any failure to maintain the necessary continuous accessibility can lead to unpredictable behavior. This may manifest as DMA faults or memory corruption, compromising system stability and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

xen consult Xen advisory XSA-400

References

https://xenbits.xenproject.org/xsa/advisory-400.txt

http://xenbits.xen.org/xsa/advisory-400.html

http://www.openwall.com/lists/oss-security/2022/04/05/3

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2022
Vulnerability Reserved
Mar 2, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix.'}]}}}

JSON

Xen Project

What is CVE-2022-26360?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.