Improper Privilege Management Affecting xen package, versions <4.15.1-r1


0.0
high

Snyk CVSS

    Attack Complexity Low
    Scope Changed
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.19% (57th percentile)
Expand this section
NVD
7.6 high
Expand this section
SUSE
6.8 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-ALPINE315-XEN-1928812
  • published 21 Nov 2021
  • disclosed 6 Oct 2021

How to fix?

Upgrade Alpine:3.15 xen to version 4.15.1-r1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xen package and not the xen package as distributed by Alpine. See How to fix? for Alpine:3.15 relevant fixed versions and status.

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.