CVE-2022-26364

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
References
Link Resource
http://packetstormsecurity.com/files/167710/Xen-PV-Guest-Non-SELFSNOOP-CPU-Memory-Corruption.html Exploit Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2022/06/09/4 Mailing List Third Party Advisory
http://xenbits.xen.org/xsa/advisory-402.html Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
https://security.gentoo.org/glsa/202208-23 Third Party Advisory
https://www.debian.org/security/2022/dsa-5184 Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-402.txt Vendor Advisory
http://packetstormsecurity.com/files/167710/Xen-PV-Guest-Non-SELFSNOOP-CPU-Memory-Corruption.html Exploit Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2022/06/09/4 Mailing List Third Party Advisory
http://xenbits.xen.org/xsa/advisory-402.html Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
https://security.gentoo.org/glsa/202208-23 Third Party Advisory
https://www.debian.org/security/2022/dsa-5184 Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-402.txt Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-09 17:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-26364

Mitre link : CVE-2022-26364

CVE.ORG link : CVE-2022-26364


JSON object : View

Products Affected

fedoraproject

  • fedora

xen

  • xen

debian

  • debian_linux