PT-2022-3414 · Xen+1 · Xen+1
Jann Horn · Published 2022-06-09 · Updated 2024-06-15
CVE-2022-26363
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Xen (affected versions not specified)
Description
The issue is related to insufficient care with non-coherent mappings in Xen, which maintains a type reference count for pages in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, such as preventing PV guests from having direct writeable access to pagetables. However, Xen's safety logic does not account for CPU-induced cache non-coherency, where the CPU can cause the content of the cache to be different from the content in main memory. As a result, Xen's safety logic can incorrectly conclude that the contents of a page are safe.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Suse
Xen