CVE-2022-26356

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.9

Description The issue arises from racy interactions between dirty vram tracking and paging log dirty hypercalls. Activation of log dirty mode done by XEN DMOP track dirty vram (previously named HVMOP track dirty vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN DMOP track dirty vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN DOMCTL SHADOW OP OFF). This is due to the lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.

Recommendations As a temporary workaround, consider disabling the XEN DMOP track dirty vram function until a patch is available. Restrict access to the log dirty mode to minimize the risk of exploitation. Avoid using the XEN DOMCTL SHADOW OP OFF operation in conjunction with XEN DMOP track dirty vram until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.