CVE-2022-26364 XEN vulnerability

4 documents, 4 sources
Severity
6.7 MEDIUM (NVD)
EPSS
0.1%
top 70.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 9
Latest update: Jun 10

Description

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-ind

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9

Affected Packages (2 packages)

debian: debian/xen < xen 4.16.2-1 (bookworm)
Debian: xen/xen < 4.14.5+24-g87d90d511c-1+3

Also affects: Debian Linux 11.0, Fedora 35, 36

Patches

🔴 Vulnerability Details (2)
GHSA
GHSA-qx8q-xw66-hrxq: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabil (2022-06-10)
OSV
CVE-2022-26364: x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabil (2022-06-09)

📋 Vendor Advisories (1)
Debian
CVE-2022-26364: xen - x86 pv: Insufficient care with non-coherent mappings T[his CNA information recor... (2022)