CVE-2022-50257

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's Xen/gntdev component that can lead to grant references being leaked. This occurs when a grant mapping operation fails partially, resulting in inconsistencies between map ops and kmap ops arrays. Specifically, if map ops mappings fail while kmap ops mappings succeed, the live grants counter can be incorrectly set, potentially becoming zero or negative. This can prevent the unmapping of grant-mapped pages or lead to undefined behavior with a negative live grants value. In Qubes OS v4.1, this issue manifests as warning messages like "g.e. 0x1234 still pending" when resizing GUI VM windows.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.