Vulnerability Description
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | >= 4.13.0, <= 4.15.1 |
| Fedoraproject | Fedora | 33 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/10/07/2Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202208-23Third Party Advisory
- https://www.debian.org/security/2021/dsa-5017Third Party Advisory
- https://xenbits.xenproject.org/xsa/advisory-386.txtVendor Advisory
- http://www.openwall.com/lists/oss-security/2021/10/07/2Mailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202208-23Third Party Advisory
- https://www.debian.org/security/2021/dsa-5017Third Party Advisory
- https://xenbits.xenproject.org/xsa/advisory-386.txtVendor Advisory
FAQ
What is CVE-2021-28702?
CVE-2021-28702 is a vulnerability with a CVSS score of 7.6 (HIGH). PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically ...
How severe is CVE-2021-28702?
CVE-2021-28702 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-28702?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora, Debian Debian Linux.