CVE-2022-23041: Race Condition in Linux

CWE-362: Race Condition | 46 documents | 7 sources
Severity
7.0 HIGH (NVD)
OSV 7.8 | OSV 7.1 | OSV 6.5
EPSS
0.1%
top 68.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 10
Latest update: May 13

Description

Linux PV device frontends vulnerable to attacks by backends [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifr

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/linux < linux 5.16.14-1 (bookworm)
Debian: linux/linux_kernel < 5.10.106-1 +3
Ubuntu: linux/linux_kernel < 5.4.0-117.132 +2

Also affects: Debian Linux 9.0

🔴 Vulnerability Details (24)

OSV: linux-lts-xenial vulnerabilities (2025-05-13)
OSV: linux-fips vulnerabilities (2025-05-12)
OSV: linux-aws vulnerabilities (2025-05-12)
OSV: linux, linux-aws, linux-kvm vulnerabilities (2025-05-12)
OSV: linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities (2025-04-09)

📋 Vendor Advisories (15)

Ubuntu: Linux kernel (Xenial HWE) vulnerabilities (2025-05-13)
Ubuntu: Linux kernel (FIPS) vulnerabilities (2025-05-12)
Ubuntu: Linux kernel vulnerabilities (2025-05-12)
Ubuntu: Linux kernel (AWS) vulnerabilities (2025-05-12)
Ubuntu: Linux kernel vulnerabilities (2025-04-09)