CVE-2021-28710 Information

Description

Certain VT-d IOMMUs may not work in shared page table mode. For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the top level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Reference

https://xenbits.xenproject.org/xsa/advisory-390.txt

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8
