CVE-2022-26356

Published Apr 5, 2022

Last updated 3 months ago

CVSS medium 5.6

Overview

Description: Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.
Source: security@xen.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.6
Impact score: 4
Exploitability score: 1.1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 6.9
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-667

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "D4199860-E11E-4F84-BA0C-A9CB463C7A74",
            "versionEndExcluding": "4.12.0",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "F64332BF-1144-4924-8413-FA14FB0A94B6",
            "versionEndExcluding": "4.14.0",
            "versionStartIncluding": "4.13.0"
          },
          {
            "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
            "vulnerable": true,
            "matchCriteriaId": "71566154-EA2A-4C5F-AC6A-8EFBD6159BB9",
            "versionEndExcluding": "4.16.0",
            "versionStartIncluding": "4.15.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References