CVE-2022-23040 — Race Condition in Linux
Severity
7.0HIGHNVD
OSV6.5OSV5.6
EPSS
0.1%
top 68.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 10
Latest updateMar 16
Description
Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifr…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 9.0
🔴Vulnerability Details
17OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.↗2022-06-08
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities↗2022-05-12
GHSA▶
GHSA-32qq-4q5r-h4xr: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vul↗2022-03-11
GHSA▶
GHSA-fh24-7cc2-vrh4: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vul↗2022-03-11
GHSA▶
GHSA-xmmh-rrmp-q4m2: Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vul↗2022-03-11