CVE-2021-28694Incorrect Authorization in XEN

CWE-863Incorrect AuthorizationCWE-287Improper Authentication12 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 66.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedAug 27
Latest updateMay 24

Description

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/xen< xen 4.14.3-1 (bookworm)
Debianxen/xen< 4.14.3-1~deb11u1+3
CVEListV5xen/xen6 versions+5

Also affects: Debian Linux 10.0, 11.0, Fedora 33, 34, 35

🔴Vulnerability Details

6
GHSA
GHSA-p2f6-35c3-q43f: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to2022-05-24
GHSA
GHSA-7h6m-rq82-825p: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to2022-05-24
GHSA
GHSA-c3qw-gwpv-g4fw: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to2022-05-24
OSV
CVE-2021-28695: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to2021-08-27
OSV
CVE-2021-28694: IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to2021-08-27

📋Vendor Advisories

3
Debian
CVE-2021-28694: xen - IOMMU page mapping issues on x86 T[his CNA information record relates to multipl...2021
Debian
CVE-2021-28696: xen - IOMMU page mapping issues on x86 T[his CNA information record relates to multipl...2021
Debian
CVE-2021-28695: xen - IOMMU page mapping issues on x86 T[his CNA information record relates to multipl...2021