mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
136 lines
5.1 KiB
JSON
136 lines
5.1 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@xen.org",
|
|
"ID": "CVE-2022-26357",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "xen",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "?",
|
|
"version_value": "consult Xen advisory XSA-399"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Xen"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"configuration": {
|
|
"configuration_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Xen versions 4.11 through 4.16 are vulnerable. Xen versions 4.10 and\nearlier are not vulnerable.\n\nOnly x86 systems with VT-d IOMMU hardware are vulnerable. Arm systems\nas well as x86 systems without VT-d hardware or without any IOMMUs in\nuse are not vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"credit": {
|
|
"credit_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "This issue was discovered by Jan Beulich of SUSE."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"impact_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The precise impact is system specific, but would typically be a Denial\nof Service (DoS) affecting the entire host. Privilege escalation and\ninformation leaks cannot be ruled out."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "unknown"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://xenbits.xenproject.org/xsa/advisory-399.txt",
|
|
"refsource": "MISC",
|
|
"name": "https://xenbits.xenproject.org/xsa/advisory-399.txt"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "http://xenbits.xen.org/xsa/advisory-399.html",
|
|
"url": "http://xenbits.xen.org/xsa/advisory-399.html"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20220405 Xen Security Advisory 399 v2 (CVE-2022-26357) - race in VT-d domain ID cleanup",
|
|
"url": "http://www.openwall.com/lists/oss-security/2022/04/05/2"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-5117",
|
|
"url": "https://www.debian.org/security/2022/dsa-5117"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2022-dfbf7e2372",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2022-64b2c02d29",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/"
|
|
}
|
|
]
|
|
},
|
|
"workaround": {
|
|
"workaround_data": {
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Not passing through physical devices to untrusted guests will avoid\nthe vulnerability."
|
|
}
|
|
]
|
|
}
|
|
}
|
|
}
|
|
} |