CVE-2022-26359
Summary
| CVE | CVE-2022-26359 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-05 13:15:00 UTC |
| Updated | 2024-02-04 08:15:00 UTC |
| Description | IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Xen | Xen | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| xenbits.xenproject.org/xsa/advisory-400.txt | MISC | xenbits.xenproject.org | |
| Debian -- Security Information -- DSA-5117-1 xen | DEBIAN | www.debian.org | |
| XSA-400 - Xen Security Advisories | CONFIRM | xenbits.xen.org | |
| [SECURITY] Fedora 35 Update: xen-4.15.2-3.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| oss-security - Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361) - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues | MLIST | www.openwall.com | |
| Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security | security.gentoo.org | ||
| [SECURITY] Fedora 34 Update: xen-4.14.5-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 35 Update: xen-4.15.2-3.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: xen-4.14.5-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Array
Legacy QID Mappings
- 179182 Debian Security Update for xen (DSA 5117-1)
- 184970 Debian Security Update for xen (CVE-2022-26359)
- 282617 Fedora Security Update for xen (FEDORA-2022-dfbf7e2372)
- 282643 Fedora Security Update for xen (FEDORA-2022-64b2c02d29)
- 500806 Alpine Linux Security Update for xen
- 501523 Alpine Linux Security Update for xen
- 502242 Alpine Linux Security Update for xen
- 502421 Alpine Linux Security Update for xen
- 504548 Alpine Linux Security Update for xen
- 710858 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)
- 752054 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1285-1)
- 752065 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1300-1)
- 752073 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1359-1)
- 752075 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1408-1)
- 752099 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1506-1)
- 752100 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1505-1)
- 752227 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:2065-1)
- 752262 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:2158-1)