cvelist/2022/26xxx/CVE-2022-26356.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@xen.org",
        "ID": "CVE-2022-26356",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "xen",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "?",
                                            "version_value": "consult Xen advisory XSA-397"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Xen"
                }
            ]
        }
    },
    "configuration": {
        "configuration_data": {
            "description": {
                "description_data": [
                    {
                        "lang": "eng",
                        "value": "All Xen versions from at least 4.0 onwards are vulnerable.\n\nOnly x86 systems are vulnerable.  Arm systems are not vulnerable.\n\nOnly domains controlling an x86 HVM guest using Hardware Assisted Paging (HAP)\ncan leverage the vulnerability.  On common deployments this is limited to\ndomains that run device models on behalf of guests."
                    }
                ]
            }
        }
    },
    "credit": {
        "credit_data": {
            "description": {
                "description_data": [
                    {
                        "lang": "eng",
                        "value": "This issue was discovered by Roger Pau Monn\u00e9 of Citrix."
                    }
                ]
            }
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak."
            }
        ]
    },
    "impact": {
        "impact_data": {
            "description": {
                "description_data": [
                    {
                        "lang": "eng",
                        "value": "An attacker can cause Xen to leak memory, eventually leading to a Denial of\nService (DoS) affecting the entire host."
                    }
                ]
            }
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "unknown"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://xenbits.xenproject.org/xsa/advisory-397.txt",
                "refsource": "MISC",
                "name": "https://xenbits.xenproject.org/xsa/advisory-397.txt"
            },
            {
                "refsource": "CONFIRM",
                "name": "http://xenbits.xen.org/xsa/advisory-397.html",
                "url": "http://xenbits.xen.org/xsa/advisory-397.html"
            },
            {
                "refsource": "MLIST",
                "name": "[oss-security] 20220405 Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls",
                "url": "http://www.openwall.com/lists/oss-security/2022/04/05/1"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-5117",
                "url": "https://www.debian.org/security/2022/dsa-5117"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-dfbf7e2372",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2022-64b2c02d29",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/"
            }
        ]
    },
    "workaround": {
        "workaround_data": {
            "description": {
                "description_data": [
                    {
                        "lang": "eng",
                        "value": "Using only PV or PVH guests and/or running HVM guests in shadow mode will avoid\nthe vulnerability."
                    }
                ]
            }
        }
    }
}
"-Synchronized-Data." 2022-03-02 23:01:20 +00:00			`{`
"-Synchronized-Data." 2022-04-05 13:01:32 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@xen.org",`
			`"ID": "CVE-2022-26356",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "xen",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "?",`
			`"version_value": "consult Xen advisory XSA-397"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Xen"`
			`}`
			`]`
			`}`
			`},`
			`"configuration": {`
			`"configuration_data": {`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "All Xen versions from at least 4.0 onwards are vulnerable.\n\nOnly x86 systems are vulnerable. Arm systems are not vulnerable.\n\nOnly domains controlling an x86 HVM guest using Hardware Assisted Paging (HAP)\ncan leverage the vulnerability. On common deployments this is limited to\ndomains that run device models on behalf of guests."`
			`}`
			`]`
			`}`
			`}`
			`},`
			`"credit": {`
			`"credit_data": {`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "This issue was discovered by Roger Pau Monn\u00e9 of Citrix."`
			`}`
			`]`
			`}`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
"-Synchronized-Data." 2022-03-02 23:01:20 +00:00			`{`
"-Synchronized-Data." 2022-04-05 13:01:32 +00:00			`"lang": "eng",`
			"value": "Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak."
"-Synchronized-Data." 2022-03-02 23:01:20 +00:00			`}`
"-Synchronized-Data." 2022-04-05 13:01:32 +00:00			`]`
			`},`
			`"impact": {`
			`"impact_data": {`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "An attacker can cause Xen to leak memory, eventually leading to a Denial of\nService (DoS) affecting the entire host."`
			`}`
			`]`
			`}`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "unknown"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://xenbits.xenproject.org/xsa/advisory-397.txt",`
			`"refsource": "MISC",`
			`"name": "https://xenbits.xenproject.org/xsa/advisory-397.txt"`
"-Synchronized-Data." 2022-04-05 14:01:24 +00:00			`},`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "http://xenbits.xen.org/xsa/advisory-397.html",`
			`"url": "http://xenbits.xen.org/xsa/advisory-397.html"`
"-Synchronized-Data." 2022-04-05 15:01:23 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[oss-security] 20220405 Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls",`
			`"url": "http://www.openwall.com/lists/oss-security/2022/04/05/1"`
"-Synchronized-Data." 2022-04-19 12:01:46 +00:00			`},`
			`{`
			`"refsource": "DEBIAN",`
			`"name": "DSA-5117",`
			`"url": "https://www.debian.org/security/2022/dsa-5117"`
"-Synchronized-Data." 2022-04-21 23:01:22 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-dfbf7e2372",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/"`
"-Synchronized-Data." 2022-05-02 09:01:25 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2022-64b2c02d29",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/"`
"-Synchronized-Data." 2022-04-05 13:01:32 +00:00			`}`
			`]`
			`},`
			`"workaround": {`
			`"workaround_data": {`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			`"value": "Using only PV or PVH guests and/or running HVM guests in shadow mode will avoid\nthe vulnerability."`
			`}`
			`]`
			`}`
			`}`
			`}`
			`}`