Vulnerability Name:

CVE-2022-26362 (CCN-228461)

Assigned:2022-06-09
Published:2022-06-09
Updated:2022-08-24
Summary:x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.
CVSS v3 Severity:6.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-362
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2022-26362

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/167718/Xen-TLB-Flush-Bypass.html

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220609 Xen Security Advisory 401 v2 (CVE-2022-26362) - x86 pv: Race condition in typeref acquisition

Source: CCN
Type: Xen Security Advisory XSA-401
x86 pv: Race condition in typeref acquisition

Source: CONFIRM
Type: Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-401.html

Source: XF
Type: UNKNOWN
xen-cve202226362-priv-esc(228461)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-0142d562ca

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-2c9f8224f8

Source: CCN
Type: Packet Storm Security [07-11-2022]
Xen TLB Flush Bypass

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-23

Source: DEBIAN
Type: Third Party Advisory
DSA-5184

Source: MISC
Type: Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-401.txt

Vulnerable Configuration:Configuration 1:
  • cpe:/o:xen:xen:*:*:*:*:*:*:x86:*

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7831
    P
    		xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:615
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:119458
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:3656
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:95404
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:42328
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:118783
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:119278
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:43655
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:119643
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:95286
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:3771
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:42424
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:118973
    P
    		Security update for xen (Important)
    2022-07-29
    oval:org.opensuse.security:def:126930
    P
    		Security update for xen (Important)
    2022-07-27
    oval:org.opensuse.security:def:127327
    P
    		Security update for xen (Important)
    2022-07-27
    oval:org.opensuse.security:def:125766
    P
    		Security update for xen (Important)
    2022-07-27
    oval:org.opensuse.security:def:95394
    P
    		Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:93617
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:94459
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93145
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93824
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:95250
    P
    		Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:93305
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3761
    P
    		Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:94038
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93463
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:550
    P
    		Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:94250
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3620
    P
    		Security update for xen (Important)
    2022-07-06
    oval:org.opensuse.security:def:118740
    P
    		Security update for xen (Important)
    2022-06-23
    oval:org.opensuse.security:def:119235
    P
    		Security update for xen (Important)
    2022-06-23
    oval:org.opensuse.security:def:119610
    P
    		Security update for xen (Important)
    2022-06-23
    oval:org.opensuse.security:def:118930
    P
    		Security update for xen (Important)
    2022-06-23
    oval:org.opensuse.security:def:119425
    P
    		Security update for xen (Important)
    2022-06-23
    oval:org.opensuse.security:def:5273
    P
    		Security update for xen (Important)
    2022-06-14
    oval:org.opensuse.security:def:6071
    P
    		Security update for xen (Important)
    2022-06-14
    oval:org.opensuse.security:def:42298
    P
    		Security update for xen (Important)
    2022-06-13
    oval:org.opensuse.security:def:913
    P
    		Security update for xen (Important)
    2022-06-13
    oval:org.opensuse.security:def:1676
    P
    		Security update for xen (Important)
    2022-06-13
    oval:org.opensuse.security:def:42396
    P
    		Security update for xen (Important)
    2022-06-13
    BACK
    xen xen *
    fedoraproject fedora 35
    fedoraproject fedora 36
    debian debian linux 11.0
    xensource xen *