CVE-2022-26360
First published: Tue Apr 05 2022(Updated: )
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Credit: security@xen.org security@xen.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/xen | <=4.11.4+107-gef32c7afa2-1 | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.1+2-gb773c48e36-1 4.17.2+55-g0b56bed864-1 |
| Xen Xen | ||
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://xenbits.xen.org/xsa/advisory-400.html
- https://security-tracker.debian.org/tracker/CVE-2022-26360
- http://www.openwall.com/lists/oss-security/2022/04/05/3
- http://xenbits.xen.org/xsa/advisory-400.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
- https://www.debian.org/security/2022/dsa-5117
- https://xenbits.xenproject.org/xsa/advisory-400.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
- https://security.gentoo.org/glsa/202402-07
Frequently Asked Questions
What is CVE-2022-26360?
CVE-2022-26360 refers to a vulnerability related to IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues.
What is the severity of CVE-2022-26360?
The severity of CVE-2022-26360 is high, with a CVSS score of 7.8.
Which software is affected by CVE-2022-26360?
The Xen Xen package, Debian Linux, and Fedora Linux versions 34 and 35 are affected by CVE-2022-26360.
How can I fix CVE-2022-26360?
To fix CVE-2022-26360, it is recommended to update to the specified versions of Xen Xen, Debian Linux, or Fedora Linux.
Where can I find more information about CVE-2022-26360?
You can find more information about CVE-2022-26360 in the references provided: [1](http://www.openwall.com/lists/oss-security/2022/04/05/3), [2](http://xenbits.xen.org/xsa/advisory-400.html), [3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/).
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- package-manager/debian
- vendor/xen
- canonical/xen xen
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35