CVE-2022-26357 — Race Condition in XEN

CWE-362 — Race Condition4 documents4 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 95.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedApr 5

Latest updateApr 6

Description

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

▶NVDxen/xen4.11.0 — 4.12.0+1

▶debiandebian/xen< xen 4.16.1-1 (bookworm)

▶Debianxen/xen< 4.14.4+74-gd7b22226b5-1+3

Also affects: Debian Linux 11.0, Fedora 34, 35

Patches

Patch: www.openwall.com ↗Patch: xenbits.xen.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-p235-73wr-c3m7: race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide↗2022-04-06

▶

OSV

CVE-2022-26357: race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide↗2022-04-05

▶

📋Vendor Advisories

Debian

CVE-2022-26357: xen - race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardw...↗2022

▶