CVE-2021-28694

Published: 27/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 411
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

IOMMU page mapping issues on x86

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device-specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices.

On all systems with such regions, Xen failed to prevent guests from undoing or replacing such mappings (CVE-2021-28694).

On AMD systems, where a discontinuous range is specified by firmware, the supposedly excluded middle range will also be identity-mapped (CVE-2021-28695).

Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).

Vulnerable Product

xen xen

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 11.0

Vendor Advisories

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. With the end of upstream support for the 4.11 branch, the version of xen in the oldstable distribution (buster) is no longer supported. If you rely on security support for your Xen installation an ...

Description of Problem: Several security issues have been discovered in Citrix Hypervisor that, collectively, may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers:
CVE-ID: CVE-2021-28694; Description: Host denial of service; Pre-requisites: Malicious privileged code execution in a guest VM r ...

Mailing Lists

Xen Security Advisory CVE-2021-28694,CVE-2021-28695,CVE-2021-28696 / XSA-378, version 2
IOMMU page mapping issues on x86
UPDATES IN VERSION 2: Public release
ISSUE DESCRIPTION: Both AMD and Intel allow AC ...

On 01/09/2021 14:22, Jason Andryuk wrote:
It's possible, but a little convoluted to do. In dom0 (and in an empty directory) you want:
    acpidump > acpidmp
    acpixtract -a acpidmp
On Intel, open up rmad.dat and hexedit the first 4 bytes from RMAD to DMAR (yes - really - this is how we stop the dom0 kernel from trying to poke the IOMMU dir ...

Xen Security Advisory CVE-2021-28694,CVE-2021-28695,CVE-2021-28696 / XSA-378, version 3
IOMMU page mapping issues on x86
UPDATES IN VERSION 3: Warn about dom0=pvh breakage in Resolution section
ISSUE DESCRIPTION ...

On Wed, Sep 1, 2021 at 5:34 AM Xen.org security team <security () xen org> wrote:
Hi, Is there a way to identify if a system's ACPI tables have untranslated regions? Does it show up in xen or linux dmesg or can it be identified in sysfs? Thanks, Jason ...