Key Information Summary

Vulnerability Overview

- Advisory: XSA-400
- Public Release: 2022-04-05 12:00
- Updated: 2022-04-05 12:02
- CVE(s): CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361

Vulnerability Details

Title: IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues

Issue Description:
- Certain PCI devices might be assigned Reserved Memory Regions (RMRR) for Intel VT-d or Unity Mapping ranges for AMD-Vi.
- These regions are used for platform tasks such as legacy USB emulation.
- Once a device associated with such a region is active, the mappings of these regions need to remain continuously accessible by the device.
- This requirement has been violated, leading to unpredictable behavior, ranging from IOMMU faults to memory corruption.

Impact

The precise impact is system-specific but could lead to a Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be ruled out.

Vulnerable Systems

- All Xen versions supporting PCI passthrough are affected.
- Only x86 systems with IOMMU hardware are vulnerable. Arm systems as well as x86 systems without IOMMU hardware or without any IOMMUs in use are not vulnerable.
- Only x86 guests with physical devices passed through to them and associated with RMRR or unity maps can leverage the vulnerability.

Mitigation

Not passing through physical devices to untrusted guests when the devices have associated RMRRs / unity maps will avoid the vulnerability.

Resolution

Applying the appropriate set of attached patches resolves this issue.
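The mitigation depends on knowing which devices have an RMRR. As an added example (not part of the advisory or of Xen), the Python below parses a raw ACPI DMAR table, lists each RMRR with the devices it names, and reports which passthrough candidates are among them. The function names are hypothetical, the sample table is constructed, and only VT-d RMRRs are covered; AMD-Vi unity maps live in a different table (IVRS) and are not parsed here.

```python
import struct
HEADER_LEN = 48  # 36-byte ACPI header + host address width, flags, 10 reserved bytes
TYPE_RMRR = 1    # DMAR remapping structure type: Reserved Memory Region Reporting

def _scopes(buf, off, end, seg):
    """Decode device scope entries; multi-hop paths are kept as 'dd.f/dd.f'."""
    devs = []
    while off + 8 <= end:
        length, bus = buf[off + 1], buf[off + 5]
        if length < 8 or length % 2 or off + length > end:
            raise ValueError("bad device scope length")
        path = buf[off + 6:off + length]
        hops = [f"{path[i]:02x}.{path[i + 1]:x}" for i in range(0, len(path), 2)]
        devs.append(f"{seg:04x}:{bus:02x}:" + "/".join(hops))
        off += length
    return devs

def parse_rmrrs(dmar):
    """Return [(base, limit, [device, ...])] for every RMRR in a raw DMAR table."""
    if len(dmar) < HEADER_LEN or dmar[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    total = struct.unpack_from("<I", dmar, 4)[0]
    if total > len(dmar):
        raise ValueError("truncated table")
    out, off = [], HEADER_LEN
    while off + 4 <= total:
        stype, slen = struct.unpack_from("<HH", dmar, off)
        if slen < 4 or off + slen > total:
            raise ValueError("bad structure length")
        if stype == TYPE_RMRR and slen >= 24:
            seg, base, limit = struct.unpack_from("<HQQ", dmar, off + 6)
            out.append((base, limit, _scopes(dmar, off + 24, off + slen, seg)))
        off += slen
    return out

def rmrr_passthrough_hits(dmar, candidates):
    """Candidate BDFs ('ssss:bb:dd.f') named directly by an RMRR (single hop only)."""
    named = {d for _, _, devs in parse_rmrrs(dmar) for d in devs}
    return sorted(named & {c.lower() for c in candidates})

def sample_dmar():
    """Constructed table: one DRHD (type 0) and one RMRR naming 0000:00:1d.0."""
    drhd = struct.pack("<HHBBHQ", 0, 16, 1, 0, 0, 0xFED90000)
    scope = struct.pack("<BBHBB", 1, 8, 0, 0, 0) + bytes([0x1D, 0])
    rmrr = struct.pack("<HHHHQQ", TYPE_RMRR, 32, 0, 0, 0xBDF6F000, 0xBDF7EFFF) + scope
    body = bytes(10) + drhd + rmrr
    return b"DMAR" + struct.pack("<I", 38 + len(body)) + bytes(28) + bytes([39, 0]) + body
```

Devices that sit behind a PCI bridge appear with a multi-hop path and are not matched by `rmrr_passthrough_hits`; resolving them requires the bridges' secondary bus numbers, so treat any RMRR with such a path as needing manual review.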