DEBIAN-CVE-2022-26356
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 05 Apr 2022, 13:15
Last modified:28 Apr 2026, 20:24
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.6 MEDIUM
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Apr 2022, 13:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:24
Last Modified
Vulnerability information updated
Description
Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.6CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Systems
- debian•xen
< 4.14.4+74-gd7b22226b5-1 | < 4.16.1-1 | < 4.16.1-1 | < 4.16.1-1