SB2022040543 - Multiple vulnerabilities in Xen IOMMU
Published: April 5, 2022
Updated: April 28, 2026
Description
This security bulletin contains information about 4 vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2022-26358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to RMRR (VT-d) and unity map (AMD-Vi) handling issues. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Resource exhaustion (CVE-ID: CVE-2022-26359)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to RMRR (VT-d) and unity map (AMD-Vi) handling issues. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
3) Resource exhaustion (CVE-ID: CVE-2022-26360)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to RMRR (VT-d) and unity map (AMD-Vi) handling issues. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2022-26361)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to RMRR (VT-d) and unity map (AMD-Vi) handling issues. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://xenbits.xenproject.org/xsa/advisory-400.txt
- http://xenbits.xen.org/xsa/advisory-400.html
- http://www.openwall.com/lists/oss-security/2022/04/05/3
- https://www.debian.org/security/2022/dsa-5117
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/