oss-sec mailing list archives

Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86

From: Jason Andryuk <jandryuk () gmail com>
Date: Wed, 1 Sep 2021 09:22:14 -0400

On Wed, Sep 1, 2021 at 5:34 AM Xen.org security team <security () xen org> wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

 Xen Security Advisory CVE-2021-28694,CVE-2021-28695,CVE-2021-28696 / XSA-378
                                   version 3

                   IOMMU page mapping issues on x86

UPDATES IN VERSION 3
====================

Warn about dom0=pvh breakage in Resolution section.

ISSUE DESCRIPTION
=================

Both AMD and Intel allow ACPI tables to specify regions of memory
which should be left untranslated, which typically means these
addresses should pass the translation phase unaltered.  While these
are typically device specific ACPI properties, they can also be
specified to apply to a range of devices, or even all devices.

On all systems with such regions Xen failed to prevent guests from
undoing/replacing such mappings (CVE-2021-28694).


Hi,

Is there a way to identify if a system's ACPI tables have untranslated
regions?  Does it show up in xen or linux dmesg or can it be
identified in sysfs?

Thanks,
Jason

Current thread:

Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Xen . org security team (Sep 01)
- Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Jason Andryuk (Sep 01)
  - Re: Xen Security Advisory 378 v3 (CVE-2021-28694,CVE-2021-28695,CVE-2021-28696) - IOMMU page mapping issues on x86 Andrew Cooper (Sep 01)