CVE-2021-28702

CVE-2021-28702 PUBLISHED

PCI devices with RMRRs not deassigned correctly

Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

EPSS 0.05% · 17.1th percentile

Affected Products

Vendor            Product  Versions
Ubuntu:24.04:LTS  xen      4.17.3+10-g091466ba55-1, 4.17.3+10-g091466ba55-1.1ubuntu2, *
Ubuntu:18.04:LTS  xen      4.9.0-0ubuntu3, 0, 4.9.2-0ubuntu1
Ubuntu:16.04:LTS  xen      4.6.0-1ubuntu4, 0, 4.5.1-0ubuntu1
Ubuntu:25.10      xen      4.20.0+68-g35cb38b222-1, 0, 4.20.0-1ubuntu1
Ubuntu:20.04:LTS  xen      4.9.2-0ubuntu2, 4.11.3+24-g14b62ab3e5-1ubuntu1, 4.11.3+24-g14b62ab3e5-1ubuntu2
Ubuntu:22.04:LTS  xen      0, *, 4.16.0-1~ubuntu2

Timeline

  • Oct 6, 2021 CVE Published
  • Oct 7, 2021 EPSS Score
  • Dec 3, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 28, 2022 EPSS Score
  • Mar 26, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 22, 2022 EPSS Score
  • Jul 19, 2022 EPSS Score
  • Sep 13, 2022 EPSS Score
  • Nov 9, 2022 EPSS Score
  • Jan 5, 2023 EPSS Score