CVE-2021-28702

NameCVE-2021-28702
DescriptionPCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)stretch (security), stretch4.8.5.final+shim4.10.4-1+deb9u12fixed
buster, buster (security)4.11.4+107-gef32c7afa2-1fixed
bullseye (security), bullseye4.14.3-1~deb11u1vulnerable
bookworm, sid4.14.3-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensourcestretch(not affected)
xensourcebuster(not affected)
xensource(unstable)(unfixed)

Notes

[bullseye] - xen <postponed> (Minor issue, fix along with next DSA)
[buster] - xen <not-affected> (Vulnerable code introduced later)
[stretch] - xen <not-affected> (Vulnerable code introduced later)
https://xenbits.xen.org/xsa/advisory-386.html

Search for package or bug name: Reporting problems