QwikSec

Security Database

CVE

CWE

Training

CVE-2021-28702

Published: Oct 6, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Vendor	Product	Versions
Xen	xen	unknown `unspecified - < 4.12` affected `4.12.x - < unspecified` unaffected `next of xen-unstable - < unspecified`

References

https://xenbits.xenproject.org/xsa/advisory-386.txt

x_refsource_MISC

[oss-security] 20211007 Xen Security Advisory 386 v2 (CVE-2021-28702) - PCI devices with RMRRs not deassigned correctly

mailing-list

x_refsource_MLIST

FEDORA-2021-80bbe7def0

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-0b7a484688

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-829f5f2f43

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.