How severe is CVE-2021-28702?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.6 out of 10.

What type of vulnerability is CVE-2021-28702?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2021-28702 - HIGH Severity | CVSS 7.6

Vulnerability Description

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.

Related Vulnerabilities

CVE-2017-7922

HIGH

CVSS:7.6(High)

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sen...

CWE-2692017

CVE-2020-11466

HIGH

CVSS:7.6(High)

An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk ...

CWE-2692020

CVE-2020-7467

HIGH

CVSS:7.6(High)

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on ho...

CWE-2692020

CVE-2023-23990

HIGH

CVSS:7.6(High)

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a throu...

CWE-2692023

CVE-2024-12511

HIGH

CVSS:7.6(High)

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

CWE-2692024

CVE-2024-1764

HIGH

CVSS:7.6(High)

Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration unde...

CWE-2692024