CVE-2022-26359
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
IOMMU: Problemas de manejo de RMRR (VT-d) y mapa de unidad (AMD-Vi) E[ste registro de información CNA es relacionado con múltiples CVEs; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE]. Algunos dispositivos PCI de un sistema pueden tener asignadas Regiones de Memoria Reservada (especificadas por medio de Reserved Memory Region Reporting, "RMRR") para Intel VT-d o rangos de Unity Mapping para AMD-Vi. Normalmente son usados para tareas de plataforma como la emulación de USB heredada. Dado que es desconocido el propósito preciso de estas regiones, una vez que un dispositivo asociado a una región de este tipo está activo, los mapeos de estas regiones deben permanecer continuamente accesibles por el dispositivo. Este requisito ha sido violado. Las subsiguientes DMA o interrupciones del dispositivo pueden tener un comportamiento imprevisible, que va desde los fallos de la IOMMU hasta la corrupción de la memoria
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-02 CVE Reserved
- 2022-04-05 CVE Published
- 2023-10-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/04/05/3 | 2024-02-04 | |
| http://xenbits.xen.org/xsa/advisory-400.html | 2024-02-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | x86 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||