admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-04-05 13:01:32 +00:00
parent bebd862e38
commit 598f570472
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 690 additions and 636 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

215
2022/26xxx/CVE-2022-26356.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26356"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-397"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-26356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-397"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions from at least 4.0 onwards are vulnerable.\n\nOnly x86 systems are vulnerable. Arm systems are not vulnerable.\n\nOnly domains controlling an x86 HVM guest using Hardware Assisted Paging (HAP)\ncan leverage the vulnerability. On common deployments this is limited to\ndomains that run device models on behalf of guests."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions from at least 4.0 onwards are vulnerable.\n\nOnly x86 systems are vulnerable. Arm systems are not vulnerable.\n\nOnly domains controlling an x86 HVM guest using Hardware Assisted Paging (HAP)\ncan leverage the vulnerability. On common deployments this is limited to\ndomains that run device models on behalf of guests."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Roger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Racy interactions between dirty vram tracking and paging log dirty hypercalls\n\nActivation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named\nHVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty\nhypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable\nlog dirty while another CPU is still in the process of tearing down the\nstructures related to a previously enabled log dirty mode\n(XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking\nbetween both operations and can lead to entries being added in already freed\nslots, resulting in a memory leak."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An attacker can cause Xen to leak memory, eventually leading to a Denial of\nService (DoS) affecting the entire host."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-397.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Using only PV or PVH guests and/or running HVM guests in shadow mode will avoid\nthe vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Roger Pau Monn\u00e9 of Citrix."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can cause Xen to leak memory, eventually leading to a Denial of\nService (DoS) affecting the entire host."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-397.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-397.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using only PV or PVH guests and/or running HVM guests in shadow mode will avoid\nthe vulnerability."
}
]
}
}
}
}

215
2022/26xxx/CVE-2022-26357.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26357"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-399"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-26357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-399"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen versions 4.11 through 4.16 are vulnerable. Xen versions 4.10 and\nearlier are not vulnerable.\n\nOnly x86 systems with VT-d IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without VT-d hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability."
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen versions 4.11 through 4.16 are vulnerable. Xen versions 4.10 and\nearlier are not vulnerable.\n\nOnly x86 systems with VT-d IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without VT-d hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability."
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "race in VT-d domain ID cleanup\n\nXen domain IDs are up to 15 bits wide. VT-d hardware may allow for only\nless than 15 bits to hold a domain ID associating a physical device with\na particular domain. Therefore internally Xen domain IDs are mapped to\nthe smaller value range. The cleaning up of the housekeeping structures\nhas a race, allowing for VT-d domain IDs to be leaked and flushes to be\nbypassed."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would typically be a Denial\nof Service (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-399.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests will avoid\nthe vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The precise impact is system specific, but would typically be a Denial\nof Service (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-399.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-399.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not passing through physical devices to untrusted guests will avoid\nthe vulnerability."
}
]
}
}
}
}

215
2022/26xxx/CVE-2022-26358.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26358"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-26358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monn\u00e9 of Citrix."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-400.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

215
2022/26xxx/CVE-2022-26359.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26359"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-26359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monn\u00e9 of Citrix."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-400.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

215
2022/26xxx/CVE-2022-26360.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26360"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-26360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monn\u00e9 of Citrix."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-400.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

215
2022/26xxx/CVE-2022-26361.json
View File

@ -1,108 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26361"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2022-26361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?",
"version_value": "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monn\u00e9 of Citrix."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-400.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

18
2022/28xxx/CVE-2022-28664.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2022/28xxx/CVE-2022-28665.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-28665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}