CVE-2021-28710

{"id": "CVE-2021-28710", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.0}]}, "published": "2021-11-21T15:15:07.597", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7ZGWVVRI4XY2XSTBI3XEMWBXPDVX6OT/", "source": "security@xen.org"}, {"url": "https://security.gentoo.org/glsa/202208-23", "tags": ["Third Party Advisory"], "source": "security@xen.org"}, {"url": "https://xenbits.xenproject.org/xsa/advisory-390.txt", "tags": ["Vendor Advisory"], "source": "security@xen.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared between CPUs, for second-level translation (EPT), and IOMMUs. These page tables are presently set up to always be 4 levels deep. However, an IOMMU may require the use of just 3 page table levels. In such a configuration the lop level table needs to be stripped before inserting the root table's address into the hardware pagetable base register. When sharing page tables, Xen erroneously skipped this stripping. Consequently, the guest is able to write to leaf page table entries."}, {"lang": "es", "value": "determinadas IOMMUs de VT-d pueden no funcionar en modo de tabla de p\u00e1ginas compartida Por razones de eficiencia, las estructuras de control de traducci\u00f3n de direcciones (tablas de p\u00e1ginas) pueden (y, en el hardware adecuado, por defecto) ser compartidas entre las CPUs, para la traducci\u00f3n de segundo nivel (EPT), y las IOMMUs. Estas tablas de p\u00e1ginas est\u00e1n actualmente configuradas para tener siempre 4 niveles de profundidad. Sin embargo, una IOMMU puede requerir el uso de s\u00f3lo 3 niveles de tabla de p\u00e1ginas. En una configuraci\u00f3n de este tipo, la tabla de nivel inferior debe ser eliminada antes de insertar la direcci\u00f3n de la tabla root en el registro base de la tabla de p\u00e1ginas del hardware. Cuando son compartidas las tablas de p\u00e1ginas, Xen omite err\u00f3neamente este despojo. En consecuencia, el hu\u00e9sped es capaz de escribir en las entradas de la tabla de p\u00e1ginas hoja"}], "lastModified": "2023-11-07T03:32:20.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:4.15.0:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "C3BFD203-8E25-46AF-AF43-DAFB86BDFE0D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}], "operator": "OR"}]}], "sourceIdentifier": "security@xen.org"}