Vulnerability CVE-2021-28694

Vulnerability Name:

CVE-2021-28694 (CCN-208179)

Assigned:

2021-08-25

Published:

2021-08-25

Updated:

2022-09-28

Summary:

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696).

CVSS v3 Severity:

6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Physical Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-28694

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210901 Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210901 Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210901 Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86

Source: CCN
Type: Xen Security Advisory XSA-378
IOMMU page mapping issues on x86

Source: XF
Type: UNKNOWN
xen-cve202128694-priv-esc(208179)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-081f9bf5d2

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-d68ed12e46

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-4f129cc0c1

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-23

Source: DEBIAN
Type: Third Party Advisory
DSA-4977

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-28694

Source: MISC
Type: Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-378.txt

Vulnerable Configuration:

Configuration 1:

cpe:/o:xen:xen:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7987	P	apache-commons-compress-1.21-150200.3.13.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:8050	P	perl-Archive-Extract-0.80-1.24 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7831	P	xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51952	P	Security update for libX11 (Moderate)	2022-11-15
oval:org.opensuse.security:def:767	P	Security update for sqlite3 (Moderate)	2022-09-19
oval:org.opensuse.security:def:95375	P	Security update for MozillaThunderbird (Important) (in QA)	2022-08-01
oval:org.opensuse.security:def:3535	P	java-1_8_0-openjdk-1.8.0.222-27.35.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3479	P	e2fsprogs-1.43.8-3.8.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3668	P	librelp0-1.2.12-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3225	P	libopus0-1.1-3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94855	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95165	P	xen-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94591	P	kernel-firmware-all-20220119-150400.2.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:388	P	xen-libs-4.16.0_08-150400.2.12 on GA media (Moderate)	2022-06-10
oval:org.opensuse.security:def:93134	P	(Important)	2022-05-10
oval:org.opensuse.security:def:102088	P	Security update for icedtea-web (Important)	2022-04-19
oval:org.opensuse.security:def:99733	P	(Important)	2022-04-13
oval:org.opensuse.security:def:6160	P	Security update for apache2 (Important)	2022-02-16
oval:org.opensuse.security:def:55959	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:83343	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:29433	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:56079	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:83463	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:30136	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:55256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:82640	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:30256	P	Security update for xen (Moderate)	2021-10-07
oval:org.opensuse.security:def:111049	P	Security update for xen (Important)	2021-09-07
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:87461	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31265	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58004	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:85729	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:51654	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:31679	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:58820	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86143	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:23666	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57088	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84207	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32181	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:86645	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:57502	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:84665	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:59792	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:125597	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:70290	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89447	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:69536	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33711	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88185	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:126765	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:10150	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33969	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:88501	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:127162	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:9396	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:99141	P	(Important)	2021-09-03
oval:org.opensuse.security:def:59534	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:23964	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:8650	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:89189	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:69139	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:26117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73690	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92981	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100324	P	(Important)	2021-09-02
oval:org.opensuse.security:def:8835	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101304	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:66916	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:5104	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:109424	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9784	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92385	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99411	P	(Important)	2021-09-02
oval:org.opensuse.security:def:99534	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:60351	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:42117	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:111699	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:73879	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100653	P	(Important)	2021-09-02
oval:org.opensuse.security:def:9030	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:70475	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:67249	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:98946	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:117484	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:96068	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:1627	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92584	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99674	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69725	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64568	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:107970	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:75984	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:93287	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:101498	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:91996	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102758	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:5827	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:69076	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:118520	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:10335	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92783	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99988	P	(Important)	2021-09-02
oval:org.opensuse.security:def:69924	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:100043	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:34528	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:64757	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:108754	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:76317	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:102203	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:9585	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:92191	P	Security update for xen (Important)	2021-09-02
oval:org.opensuse.security:def:99139	P	(Important)	2021-09-02

BACK