CVE-2022-26357

Description

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.

CVSS Metrics

• v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.2AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.02%• Percentile: 5%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

• debian•debian_linux

  11.0

• fedoraproject•fedora

  34 | 35

• xen•xen

  ≥ 4.11.0, < 4.12.0 | ≥ 4.13.0, < 4.16.0

References (7)

• https://xenbits.xenproject.org/xsa/advisory-399.txt
• http://xenbits.xen.org/xsa/advisory-399.html
• http://www.openwall.com/lists/oss-security/2022/04/05/2
• https://www.debian.org/security/2022/dsa-5117
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
• https://security.gentoo.org/glsa/202402-07