CVE-2021-28702
Description
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
20- osv-coords18 versionspkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/xen&distro=openSUSE%20Tumbleweedpkg:rpm/suse/xen&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.0pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 4.13.4_02-lp152.2.33.1+ 17 more
- (no CPE)range: < 4.13.4_02-lp152.2.33.1
- (no CPE)range: < 4.14.3_04-3.15.1
- (no CPE)range: < 4.16.0_01-1.1
- (no CPE)range: < 4.12.4_16-3.57.1
- (no CPE)range: < 4.12.4_16-3.57.1
- (no CPE)range: < 4.12.4_16-3.57.1
- (no CPE)range: < 4.13.4_02-3.40.1
- (no CPE)range: < 4.14.3_04-3.15.1
- (no CPE)range: < 4.13.4_02-3.40.1
- (no CPE)range: < 4.14.3_04-3.15.1
- (no CPE)range: < 4.13.4_02-3.40.1
- (no CPE)range: < 4.14.3_04-3.15.1
- (no CPE)range: < 4.12.4_16-3.55.1
- (no CPE)range: < 4.12.4_16-3.57.1
- (no CPE)range: < 4.12.4_16-3.57.1
- (no CPE)range: < 4.12.4_16-3.55.1
- (no CPE)range: < 4.12.4_16-3.57.1
- (no CPE)range: < 4.12.4_16-3.55.1
Patches
Vulnerability mechanics
References
7- www.openwall.com/lists/oss-security/2021/10/07/2nvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/202208-23nvdThird Party Advisory
- www.debian.org/security/2021/dsa-5017nvdThird Party Advisory
- xenbits.xenproject.org/xsa/advisory-386.txtnvdVendor Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OIHEJ3R3EH5DYI2I5UMD2ULJ2ELA3EX/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDPRMOBBLS74ONYP3IXZZXSTLKR7GRQB/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAWV6PO2KUGVZTESERECOBUBZ6X45I7/nvd
News mentions
0No linked articles in our index yet.