Vulnerability Details : CVE-2022-26361

IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Publish Date : 2022-04-05 Last Update Date : 2022-06-16

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.4
Confidentiality Impact	Partial (There is considerable informational disclosure.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Memory corruption
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2022-26361

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Debian	Debian Linux	9.0	*	*	*	Version Details Vulnerabilities
2	OS	Fedoraproject	Fedora	34	*	*	*	Version Details Vulnerabilities
3	OS	Fedoraproject	Fedora	35	*	*	*	Version Details Vulnerabilities
4	OS	XEN	XEN	-	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Debian	Debian Linux	1
Fedoraproject	Fedora	2
XEN	XEN	1

- References For CVE-2022-26361

http://www.openwall.com/lists/oss-security/2022/04/05/3
MLIST [oss-security] 20220405 Xen Security Advisory 400 v2 (CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361) - IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
FEDORA FEDORA-2022-dfbf7e2372

https://www.debian.org/security/2022/dsa-5117
DEBIAN DSA-5117

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
FEDORA FEDORA-2022-64b2c02d29

https://xenbits.xenproject.org/xsa/advisory-400.txt

http://xenbits.xen.org/xsa/advisory-400.html CONFIRM

- Metasploit Modules Related To CVE-2022-26361

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)