CVE-2021-28702

EPSS 0.4%
In short

When certain PCI devices with special memory regions are passed to virtual machines, they aren't properly cleaned up when the machine shuts down. This causes unpredictable problems like system crashes or memory corruption from the leftover device activity.

Technical detail

In Xen, PCI devices with Reserved Memory Regions (reported via RMRR) that have been passed through to a guest are not correctly deassigned during guest shutdown. The IOMMU configuration for such a device keeps pointing to freed data structures, including the IO Pagetables, so subsequent DMA transactions or interrupts from the device behave unpredictably, with outcomes ranging from IOMMU faults to memory corruption.

Summary generated and translated by AI from the official description.
PCI devices with RMRRs not deassigned correctly

Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Affected products
Xen · xen
