|
2022-04-05
|
CVE-2022-26357
|
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.
|
Debian_linux, Fedora, Xen
|
7.0
|
|
|
|
2022-04-05
|
CVE-2022-26358
|
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is...
|
Debian_linux, Fedora, Xen
|
7.8
|
|
|
|
2022-04-05
|
CVE-2022-26359
|
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is...
|
Debian_linux, Fedora, Xen
|
7.8
|
|
|
|
2022-04-05
|
CVE-2022-26360
|
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is...
|
Debian_linux, Fedora, Xen
|
7.8
|
|
|
|
2022-04-05
|
CVE-2022-26361
|
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is...
|
Debian_linux, Fedora, Xen
|
7.8
|
|
|
|
2022-07-12
|
CVE-2022-29901
|
Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.
|
Debian_linux, Fedora, Core_i3\-6100_firmware, Core_i3\-6100e_firmware, Core_i3\-6100h_firmware, Core_i3\-6100t_firmware, Core_i3\-6100te_firmware, Core_i3\-6100u_firmware, Core_i3\-6102e_firmware, Core_i3\-6110u_firmware, Core_i3\-6120_firmware, Core_i3\-6120t_firmware, Core_i3\-6167u_firmware, Core_i3\-6300_firmware, Core_i3\-6300t_firmware, Core_i3\-6320_firmware, Core_i3\-6320t_firmware, Core_i3\-8000_firmware, Core_i3\-8000t_firmware, Core_i3\-8020_firmware, Core_i3\-8100_firmware, Core_i3\-8100h_firmware, Core_i3\-8100t_firmware, Core_i3\-8109u_firmware, Core_i3\-8120_firmware, Core_i3\-8130u_firmware, Core_i3\-8145u_firmware, Core_i3\-8300_firmware, Core_i3\-8300t_firmware, Core_i3\-8350k_firmware, Core_i5\-6200u_firmware, Core_i5\-6210u_firmware, Core_i5\-6260u_firmware, Core_i5\-6267u_firmware, Core_i5\-6287u_firmware, Core_i5\-6300hq_firmware, Core_i5\-6300u_firmware, Core_i5\-6310u_firmware, Core_i5\-6350hq_firmware, Core_i5\-6360u_firmware, Core_i5\-6400_firmware, Core_i5\-6400t_firmware, Core_i5\-6440eq_firmware, Core_i5\-6440hq_firmware, Core_i5\-6442eq_firmware, Core_i5\-6500_firmware, Core_i5\-6500t_firmware, Core_i5\-6500te_firmware, Core_i5\-6600_firmware, Core_i5\-6600k_firmware, Core_i5\-6600t_firmware, Core_i5\-8200y_firmware, Core_i5\-8210y_firmware, Core_i5\-8250u_firmware, Core_i5\-8259u_firmware, Core_i5\-8265u_firmware, Core_i5\-8269u_firmware, Core_i5\-8300h_firmware, Core_i5\-8305g_firmware, Core_i5\-8310y_firmware, Core_i5\-8350u_firmware, Core_i5\-8365u_firmware, Core_i5\-8400_firmware, Core_i5\-8400b_firmware, Core_i5\-8400h_firmware, Core_i5\-8400t_firmware, Core_i5\-8420_firmware, Core_i5\-8420t_firmware, Core_i5\-8500_firmware, Core_i5\-8500b_firmware, Core_i5\-8500t_firmware, Core_i5\-8550_firmware, Core_i5\-8550u_firmware, Core_i5\-8600_firmware, Core_i5\-8600k_firmware, Core_i5\-8600t_firmware, Core_i5\-8650_firmware, Core_i5\-8650k_firmware, Core_i7\-6500u_firmware, Core_i7\-6510u_firmware, Core_i7\-6560u_firmware, Core_i7\-6567u_firmware, Core_i7\-6600u_firmware, Core_i7\-6650u_firmware, Core_i7\-6660u_firmware, Core_i7\-6700_firmware, Core_i7\-6700hq_firmware, Core_i7\-6700k_firmware, Core_i7\-6700t_firmware, Core_i7\-6700te_firmware, Core_i7\-6770hq_firmware, Core_i7\-6820eq_firmware, Core_i7\-6820hk_firmware, Core_i7\-6820hq_firmware, Core_i7\-6822eq_firmware, Core_i7\-6870hq_firmware, Core_i7\-6920hq_firmware, Core_i7\-6970hq_firmware, Core_i7\-8500y_firmware, Core_i7\-8510y_firmware, Core_i7\-8550u_firmware, Core_i7\-8557u_firmware, Core_i7\-8559u_firmware, Core_i7\-8560u_firmware, Core_i7\-8565u_firmware, Core_i7\-8569u_firmware, Core_i7\-8650u_firmware, Core_i7\-8665u_firmware, Core_i7\-8670_firmware, Core_i7\-8670t_firmware, Core_i7\-8700_firmware, Core_i7\-8700b_firmware, Core_i7\-8700k_firmware, Core_i7\-8700t_firmware, Core_i7\-8705g_firmware, Core_i7\-8706g_firmware, Core_i7\-8709g_firmware, Core_i7\-8750h_firmware, Core_i7\-8750hf_firmware, Core_i7\-8809g_firmware, Core_i7\-8850h_firmware, Core_i9\-8950hk_firmware, Core_m3\-6y30_firmware, Core_m3\-8100y_firmware, Core_m5\-6y54_firmware, Core_m5\-6y57_firmware, Core_m7\-6y75_firmware, Esxi, Xen
|
6.5
|
|
|
|
2022-07-14
|
CVE-2022-23825
|
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.
|
A10\-9600p_firmware, A10\-9630p_firmware, A12\-9700p_firmware, A12\-9730p_firmware, A4\-9120_firmware, A6\-9210_firmware, A6\-9220_firmware, A6\-9220c_firmware, A9\-9410_firmware, A9\-9420_firmware, Athlon_gold_3150u_firmware, Athlon_silver_3050u_firmware, Athlon_x4_750_firmware, Athlon_x4_760k_firmware, Athlon_x4_830_firmware, Athlon_x4_835_firmware, Athlon_x4_840_firmware, Athlon_x4_845_firmware, Athlon_x4_860k_firmware, Athlon_x4_870k_firmware, Athlon_x4_880k_firmware, Athlon_x4_940_firmware, Athlon_x4_950_firmware, Athlon_x4_970_firmware, Epyc_7001_firmware, Epyc_7002_firmware, Epyc_7251_firmware, Epyc_7252_firmware, Epyc_7261_firmware, Epyc_7262_firmware, Epyc_7272_firmware, Epyc_7281_firmware, Epyc_7282_firmware, Epyc_7301_firmware, Epyc_7302_firmware, Epyc_7302p_firmware, Epyc_7351_firmware, Epyc_7351p_firmware, Epyc_7352_firmware, Epyc_7371_firmware, Epyc_7401_firmware, Epyc_7401p_firmware, Epyc_7402_firmware, Epyc_7402p_firmware, Epyc_7451_firmware, Epyc_7452_firmware, Epyc_7501_firmware, Epyc_7502_firmware, Epyc_7502p_firmware, Epyc_7532_firmware, Epyc_7542_firmware, Epyc_7551_firmware, Epyc_7551p_firmware, Epyc_7552_firmware, Epyc_7601_firmware, Epyc_7642_firmware, Epyc_7662_firmware, Epyc_7702_firmware, Epyc_7742_firmware, Epyc_7f32_firmware, Epyc_7f52_firmware, Epyc_7f72_firmware, Epyc_7h12_firmware, Ryzen_3_2200u_firmware, Ryzen_3_2300u_firmware, Ryzen_3_3100_firmware, Ryzen_3_3200u_firmware, Ryzen_3_3250u_firmware, Ryzen_3_3300g_firmware, Ryzen_3_3300u_firmware, Ryzen_3_3300x_firmware, Ryzen_3_4300g_firmware, Ryzen_3_4300ge_firmware, Ryzen_3_4300u_firmware, Ryzen_5_2500u_firmware, Ryzen_5_2600_firmware, Ryzen_5_2600h_firmware, Ryzen_5_2600x_firmware, Ryzen_5_2700_firmware, Ryzen_5_2700x_firmware, Ryzen_5_3400g_firmware, Ryzen_5_3450g_firmware, Ryzen_5_3500u_firmware, Ryzen_5_3550h_firmware, Ryzen_5_3600_firmware, Ryzen_5_3600x_firmware, Ryzen_5_3600xt_firmware, Ryzen_5_4500u_firmware, Ryzen_5_4600g_firmware, Ryzen_5_4600ge_firmware, Ryzen_5_4600h_firmware, Ryzen_5_4600u_firmware, Ryzen_7_2700_firmware, Ryzen_7_2700u_firmware, Ryzen_7_2700x_firmware, Ryzen_7_2800h_firmware, Ryzen_7_3700u_firmware, Ryzen_7_3700x_firmware, Ryzen_7_3750h_firmware, Ryzen_7_3800x_firmware, Ryzen_7_3800xt_firmware, Ryzen_7_4700g_firmware, Ryzen_7_4700ge_firmware, Ryzen_7_4700u_firmware, Ryzen_7_4800h_firmware, Ryzen_7_4800u_firmware, Ryzen_9_4900h_firmware, Ryzen_threadripper_2920x_firmware, Ryzen_threadripper_2950x_firmware, Ryzen_threadripper_2970wx_firmware, Ryzen_threadripper_2990wx_firmware, Ryzen_threadripper_3960x_firmware, Ryzen_threadripper_3970x_firmware, Ryzen_threadripper_3990x_firmware, Ryzen_threadripper_pro_3795wx_firmware, Ryzen_threadripper_pro_3945wx_firmware, Ryzen_threadripper_pro_3955wx_firmware, Ryzen_threadripper_pro_3995wx_firmware, Ryzen_threadripper_pro_5945wx_firmware, Ryzen_threadripper_pro_5955wx_firmware, Ryzen_threadripper_pro_5965wx_firmware, Ryzen_threadripper_pro_5975wx_firmware, Ryzen_threadripper_pro_5995wx_firmware, Debian_linux, Fedora, Esxi
|
6.5
|
|
|
|
2022-10-11
|
CVE-2022-33746
|
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.
|
Debian_linux, Fedora, Xen
|
6.5
|
|
|
|
2022-10-11
|
CVE-2022-33747
|
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by...
|
Debian_linux, Fedora, Xen
|
3.8
|
|
|
|
2022-10-11
|
CVE-2022-33748
|
lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.
|
Debian_linux, Fedora, Xen
|
5.6
|
|
|