Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-28702

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.7%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 4.6
References
Products affected by CVE-2021-28702
  • Debian » Debian Linux » Version: 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Fedoraproject » Fedora » Version: 33
    cpe:2.3:o:fedoraproject:fedora:33
  • Fedoraproject » Fedora » Version: 34
    cpe:2.3:o:fedoraproject:fedora:34
  • Fedoraproject » Fedora » Version: 35
    cpe:2.3:o:fedoraproject:fedora:35
  • Xen » Xen » Version: 4.13.0
    cpe:2.3:o:xen:xen:4.13.0
  • Xen » Xen » Version: 4.13.1
    cpe:2.3:o:xen:xen:4.13.1
  • Xen » Xen » Version: 4.13.2
    cpe:2.3:o:xen:xen:4.13.2
  • Xen » Xen » Version: 4.13.3
    cpe:2.3:o:xen:xen:4.13.3
  • Xen » Xen » Version: 4.13.4
    cpe:2.3:o:xen:xen:4.13.4
  • Xen » Xen » Version: 4.13.5
    cpe:2.3:o:xen:xen:4.13.5
  • Xen » Xen » Version: 4.14.0
    cpe:2.3:o:xen:xen:4.14.0
  • Xen » Xen » Version: 4.14.1
    cpe:2.3:o:xen:xen:4.14.1
  • Xen » Xen » Version: 4.14.2
    cpe:2.3:o:xen:xen:4.14.2
  • Xen » Xen » Version: 4.14.3
    cpe:2.3:o:xen:xen:4.14.3
  • Xen » Xen » Version: 4.14.4
    cpe:2.3:o:xen:xen:4.14.4
  • Xen » Xen » Version: 4.14.5
    cpe:2.3:o:xen:xen:4.14.5
  • Xen » Xen » Version: 4.14.6
    cpe:2.3:o:xen:xen:4.14.6
  • Xen » Xen » Version: 4.15.0
    cpe:2.3:o:xen:xen:4.15.0
  • Xen » Xen » Version: 4.15.1
    cpe:2.3:o:xen:xen:4.15.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved