admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/28xxx/CVE-2021-28710.json
CVE Team e245a92218
"-Synchronized-Data."
2022-08-14 21:00:33 +00:00

129 lines
5.6 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@xen.org",
"ID": "CVE-2021-28710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xen",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "4.12"
},
{
"version_affected": ">=",
"version_value": "4.15.x"
},
{
"version_affected": "!>",
"version_value": "xen-unstable"
}
]
}
}
]
},
"vendor_name": "Xen"
}
]
}
},
"configuration": {
"configuration_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen version 4.15 is vulnerable. Xen versions 4.14 and earlier are not\nvulnerable.\n\nOnly x86 Intel systems with IOMMU(s) in use are affected. Arm\nsystems, non-Intel x86 systems, and x86 systems without IOMMU are not\naffected.\n\nOnly HVM guests with passed-through PCI devices and configured to share\nIOMMU and EPT page tables are able to leverage the vulnerability on\naffected hardware. Note that page table sharing is the default\nconfiguration on capable hardware.\n\nSystems are only affected if the IOMMU used for a passed through\ndevice requires the use of page tables less than 4 levels deep. We\nare informed that this is the case for some at least Ivybridge and\nearlier \"client\" chips; additionally it might be possible for such a\nsituation to arise when Xen is running nested under another\nhypervisor, if an (emulated) Intel IOMMU is made available to Xen."
}
]
}
}
},
"credit": {
"credit_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "This issue was discovered by Jan Beulich of SUSE."
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the lop level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries."
}
]
},
"impact": {
"impact_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious guest may be able to escalate its privileges to that of\nthe host."
}
]
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unknown"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-390.txt",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-390.txt"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-03645e9807",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-23",
"url": "https://security.gentoo.org/glsa/202208-23"
}
]
},
"workaround": {
"workaround_data": {
"description": {
"description_data": [
{
"lang": "eng",
"value": "Suppressing the use of shared page tables avoids the vulnerability.\nThis can be achieved globally by passing \"iommu=no-sharept\" on the\nhypervisor command line. This can also be achieved on a per-guest basis\nvia the \"passthrough=sync_pt\" xl guest configuration file option."
}
]
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink