Memory Mapping Issues in PCI Devices Affecting Xen Project
CVE-2022-26361

7.8HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 5 April 2022

🔔 Create Xen Project Vulnerability Alert

What is CVE-2022-26361?

The vulnerability involves handling issues related to Reserved Memory Regions (RMRR) for Intel VT-d and unity mappings for AMD-Vi in certain PCI devices. These regions are typically essential for platform functionalities such as legacy USB emulation. When a device tied to these regions is activated, the necessity for continuous accessibility leads to violations that could manifest as unpredictable behavior, including IOMMU faults and potential memory corruption. This poses significant risks to system stability and security.

Affected Version(s)

xen consult Xen advisory XSA-400

References

https://xenbits.xenproject.org/xsa/advisory-400.txt

http://xenbits.xen.org/xsa/advisory-400.html

http://www.openwall.com/lists/oss-security/2022/04/05/3

mailing-list

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2022
Vulnerability Reserved
Mar 2, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix.'}]}}}