4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:N/A:C
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
14.2%
Racy interactions between dirty vram tracking and paging log dirty
hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram
(was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log
dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can
enable log dirty while another CPU is still in the process of tearing down
the structures related to a previously enabled log dirty mode
(XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive
locking between both operations and can lead to entries being added in
already freed slots, resulting in a memory leak.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2022/04/05/1
xenbits.xen.org/xsa/advisory-397.html
launchpad.net/bugs/cve/CVE-2022-26356
nvd.nist.gov/vuln/detail/CVE-2022-26356
security-tracker.debian.org/tracker/CVE-2022-26356
www.cve.org/CVERecord?id=CVE-2022-26356
xenbits.xen.org/xsa/advisory-397.html
xenbits.xenproject.org/xsa/advisory-397.txt
4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:N/I:N/A:C
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
0.0004 Low
EPSS
Percentile
14.2%