admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

XSA-400 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361

Browse Source 
Xensec source data: xsa.git#xsa-400-v2
Xensec source infra: xsa.git#68c0fa9f3e0d73662983cf7ed6ec64ee9c20b300
This commit is contained in:
Xen Project Security Team 2022-04-05 12:45:12 +00:00
parent 8902bb6a6b
commit 87a213d94b
4 changed files with 420 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
2022/26xxx/CVE-2022-26358.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26358",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26358"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
}
]
}
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

120
2022/26xxx/CVE-2022-26359.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26359",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26359"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
}
]
}
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

120
2022/26xxx/CVE-2022-26360.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26360",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26360"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
}
]
}
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}

120
2022/26xxx/CVE-2022-26361.json
View File

@ -1,18 +1,108 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26361",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta" : {
"ASSIGNER" : "security@xenproject.org",
"ID" : "CVE-2022-26361"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product" : {
"product_data" : [
{
"product_name" : "xen",
"version" : {
"version_data" : [
{
"version_affected" : "?",
"version_value" : "consult Xen advisory XSA-400"
}
]
}
}
]
},
"vendor_name" : "Xen"
}
]
}
}
]
}
},
"configuration" : {
"configuration_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"
}
]
}
}
},
"credit" : {
"credit_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."
}
]
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues\n\nT[his CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nCertain PCI devices in a system might be assigned Reserved Memory\nRegions (specified via Reserved Memory Region Reporting, \"RMRR\") for\nIntel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used\nfor platform tasks such as legacy USB emulation.\n\nSince the precise purpose of these regions is unknown, once a device\nassociated with such a region is active, the mappings of these regions\nneed to remain continuouly accessible by the device. This requirement\nhas been violated.\n\nSubsequent DMA or interrupts from the device may have unpredictable\nbehaviour, ranging from IOMMU faults to memory corruption."
}
]
},
"impact" : {
"impact_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
}
]
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unknown"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://xenbits.xenproject.org/xsa/advisory-400.txt"
}
]
},
"workaround" : {
"workaround_data" : {
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."
}
]
}
}
}
}