CVE-2024-31145— Xen 安全漏洞

error handling in x86 IOMMU identity mapping

Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. In the logic establishing these mappings, error handling was flawed, resulting in such mappings to potentially remain in place when they should have been removed again. Respective guests would then gain access to memory regions which they aren't supposed to have access to.

N/A

N/A

Xen 安全漏洞

Xen是Xen开源的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上，并支持在运行时进行迁移，保证正常运行并且避免宕机。 Xen 4.16.x之前版本存在安全漏洞，该漏洞源于建立预留内存区域映射时，错误处理逻辑存在缺陷，可能导致应在移除的内存映射持续保留，从而使相应的虚拟机获得不应有的内存区域访问权限。

N/A

N/A