Описание
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Ссылки
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.6 High
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
PCI devices with RMRRs not deassigned correctly Certain PCI devices in ...
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Уязвимость гипервизора Xen, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
EPSS
7.6 High
CVSS3
4.6 Medium
CVSS2