CVE-2021-28702

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Published: Oct 6, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-28702
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.6
AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
xen / xen	4.13.0	4.15.1.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x
debian / debian_linux	9.0	9.0.x

Vulnerability Database

289,689

CVE-2021-28702