CVE-2022-26356Improper Locking in XEN

CWE-667Improper LockingCWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
5.6MEDIUMNVD
EPSS
0.0%
top 85.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedApr 5
Latest updateApr 6

Description

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive lock

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.1 | Impact: 4.0

Affected Packages3 packages

NVDxen/xen4.0.04.12.0+2
debiandebian/xen< xen 4.16.1-1 (bookworm)
Debianxen/xen< 4.14.4+74-gd7b22226b5-1+3

Also affects: Debian Linux 11.0, Fedora 34, 35

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-wqf3-h5g7-w9q8: Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was name2022-04-06
OSV
CVE-2022-26356: Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was name2022-04-05

📋Vendor Advisories

1
Debian
CVE-2022-26356: xen - Racy interactions between dirty vram tracking and paging log dirty hypercalls Ac...2022