x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167718/Xen-TLB-Flush-Bypass.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2022/06/09/3 | Mailing List Third Party Advisory |
http://xenbits.xen.org/xsa/advisory-401.html | Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/ | |
https://security.gentoo.org/glsa/202208-23 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5184 | Third Party Advisory |
https://xenbits.xenproject.org/xsa/advisory-401.txt | Vendor Advisory |
Configurations
History
24 Aug 2022, 18:35
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-23 - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5184 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI/ - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/167718/Xen-TLB-Flush-Bypass.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
15 Aug 2022, 11:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Jul 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jun 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jun 2022, 13:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.9
v3 : 6.4 |
References | (CONFIRM) http://xenbits.xen.org/xsa/advisory-401.html - Patch, Vendor Advisory | |
References | (MISC) https://xenbits.xenproject.org/xsa/advisory-401.txt - Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/06/09/3 - Mailing List, Third Party Advisory | |
CWE | CWE-362 | |
CPE | cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:* |
09 Jun 2022, 17:33
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-09 17:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-26362
Mitre link : CVE-2022-26362
CVE.ORG link : CVE-2022-26362
JSON object : View
Products Affected
xen
- xen
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')