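Vulnerability Title
N/A
Vulnerability Description
IOMMU page mapping issues on x86
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device-specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On systems with such regions, Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, when a physical device is de-assigned from a guest, the identity mappings would be left in place, allowing the guest continued access to ranges of memory which it should no longer have access to (CVE-2021-28696).
CVSS Information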
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
IOMMU page mapping issues on x86
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assignment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).
CVSS Information
N/A
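Vulnerability Category
N/A
Vulnerability Title
Xen Security Vulnerability
Vulnerability Description
Xen is an open-source virtual machine monitor product from the University of Cambridge, UK. The product allows different and incompatible operating systems to run on the same computer, and supports migration at runtime to ensure normal operation and avoid downtime. Xen contains a security vulnerability: an attacker can exploit it to bypass restrictions via Xen's page mapping of the x86 IOMMU, thereby escalating their privileges on the host system.
CVSS Information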
N/A
Vulnerability Category
Other