{"api_version":"1","generated_at":"2026-04-22T23:53:30+00:00","cve":"CVE-2022-26361","urls":{"html":"https://cve.report/CVE-2022-26361","api":"https://cve.report/api/cve/CVE-2022-26361.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-26361","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-26361"},"summary":{"title":"CVE-2022-26361","description":"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.","state":"PUBLIC","assigner":"security@xen.org","published_at":"2022-04-05 13:15:00","updated_at":"2024-02-04 08:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-400.txt","name":"https://xenbits.xenproject.org/xsa/advisory-400.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5117","name":"DSA-5117","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5117-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://xenbits.xen.org/xsa/advisory-400.html","name":"http://xenbits.xen.org/xsa/advisory-400.html","refsource":"CONFIRM","tags":[],"title":"XSA-400 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/","name":"FEDORA-2022-dfbf7e2372","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: xen-4.15.2-3.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/04/05/3","name":"[oss-security] 20220405 Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361) - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361)\n - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202402-07","name":"GLSA-202402-07","refsource":"","tags":[],"title":"Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/","name":"FEDORA-2022-64b2c02d29","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/","name":"FEDORA-2022-dfbf7e2372","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: xen-4.15.2-3.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/","name":"FEDORA-2022-64b2c02d29","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-26361","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26361","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Array","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"26361","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"26361","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"26361","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"26361","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x86","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-26361","qid":"179182","title":"Debian Security Update for xen (DSA 5117-1)"},{"cve":"CVE-2022-26361","qid":"181893","title":"Debian Security Update for xen (CVE-2022-26361)"},{"cve":"CVE-2022-26361","qid":"282617","title":"Fedora Security Update for xen (FEDORA-2022-dfbf7e2372)"},{"cve":"CVE-2022-26361","qid":"282643","title":"Fedora Security Update for xen (FEDORA-2022-64b2c02d29)"},{"cve":"CVE-2022-26361","qid":"500806","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26361","qid":"501523","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26361","qid":"502242","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26361","qid":"502421","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26361","qid":"504548","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26361","qid":"710858","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)"},{"cve":"CVE-2022-26361","qid":"752054","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1285-1)"},{"cve":"CVE-2022-26361","qid":"752065","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1300-1)"},{"cve":"CVE-2022-26361","qid":"752073","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1359-1)"},{"cve":"CVE-2022-26361","qid":"752075","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1408-1)"},{"cve":"CVE-2022-26361","qid":"752099","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1506-1)"},{"cve":"CVE-2022-26361","qid":"752100","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1505-1)"},{"cve":"CVE-2022-26361","qid":"752227","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:2065-1)"},{"cve":"CVE-2022-26361","qid":"752262","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:2158-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@xen.org","ID":"CVE-2022-26361","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"xen","version":{"version_data":[{"version_affected":"?","version_value":"consult Xen advisory XSA-400"}]}}]},"vendor_name":"Xen"}]}},"configuration":{"configuration_data":{"description":{"description_data":[{"lang":"eng","value":"All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 systems with IOMMU hardware are vulnerable.  Arm systems\nas well as x86 systems without IOMMU hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them,\nand only when any such device has an associated RMRR or unity map, can\nleverage the vulnerability. (Whether a device is associated with an RMRR\nor unity map is not easy to discern.)"}]}}},"credit":{"credit_data":{"description":{"description_data":[{"lang":"eng","value":"Aspects of this issue were discovered by Jan Beulich of SUSE and\nRoger Pau Monné of Citrix."}]}}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption."}]},"impact":{"impact_data":{"description":{"description_data":[{"lang":"eng","value":"The precise impact is system specific, but would likely be a Denial of\nService (DoS) affecting the entire host.  Privilege escalation and\ninformation leaks cannot be ruled out."}]}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unknown"}]}]},"references":{"reference_data":[{"url":"https://xenbits.xenproject.org/xsa/advisory-400.txt","refsource":"MISC","name":"https://xenbits.xenproject.org/xsa/advisory-400.txt"},{"refsource":"CONFIRM","name":"http://xenbits.xen.org/xsa/advisory-400.html","url":"http://xenbits.xen.org/xsa/advisory-400.html"},{"refsource":"MLIST","name":"[oss-security] 20220405 Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361) - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues","url":"http://www.openwall.com/lists/oss-security/2022/04/05/3"},{"refsource":"DEBIAN","name":"DSA-5117","url":"https://www.debian.org/security/2022/dsa-5117"},{"refsource":"FEDORA","name":"FEDORA-2022-dfbf7e2372","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/"},{"refsource":"FEDORA","name":"FEDORA-2022-64b2c02d29","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/"}]},"workaround":{"workaround_data":{"description":{"description_data":[{"lang":"eng","value":"Not passing through physical devices to untrusted guests when the\ndevices have assoicated RMRRs / unity maps will avoid the vulnerability."}]}}}},"nvd":{"publishedDate":"2022-04-05 13:15:00","lastModifiedDate":"2024-02-04 08:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.4},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:-:*:*:*:*:*:x86:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}