Vulnerability Name: CVE-2022-26364 (CCN-228463)

Assigned: 2022-06-09
Published: 2022-06-09
Updated: 2022-08-24
Summary: x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.
CVSS v3 Severity: 6.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.0 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
6.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
6.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Privileges
References:
Source: MITRE
Type: CNA
CVE-2022-26364

Source: MISC
Type: Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/167710/Xen-PV-Guest-Non-SELFSNOOP-CPU-Memory-Corruption.html

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220609 Xen Security Advisory 402 v4 (CVE-2022-26363,CVE-2022-26364) - x86 pv: Insufficient care with non-coherent mappings

Source: CCN
Type: Xen Security Advisory XSA-402
x86 pv: Insufficient care with non-coherent mappings

Source: CONFIRM
Type: Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-402.html

Source: XF
Type: UNKNOWN
xen-cve202226364-priv-esc(228463)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-0142d562ca

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-2c9f8224f8

Source: CCN
Type: Packet Storm Security [07-06-2022]
Xen PV Guest Non-SELFSNOOP CPU Memory Corruption

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-23

Source: DEBIAN
Type: Third Party Advisory
DSA-5184

Source: MISC
Type: Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-402.txt

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:xen:xen:*:*:*:*:*:*:x86:*

Configuration 2:
  • cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:xensource:xen:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

OVAL Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7831 | P | xen-libs-4.17.0_06-150500.1.10 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:615 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:119458 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:3656 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:95404 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:42328 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:118783 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:119278 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:43655 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:119643 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:95286 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:3771 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:42424 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:118973 | P | Security update for xen (Important) | 2022-07-29
oval:org.opensuse.security:def:126930 | P | Security update for xen (Important) | 2022-07-27
oval:org.opensuse.security:def:127327 | P | Security update for xen (Important) | 2022-07-27
oval:org.opensuse.security:def:125766 | P | Security update for xen (Important) | 2022-07-27
oval:org.opensuse.security:def:95394 | P | Security update for xen (Important) | 2022-07-06
oval:org.opensuse.security:def:93617 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:94459 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:93145 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:93824 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:95250 | P | Security update for xen (Important) | 2022-07-06
oval:org.opensuse.security:def:93305 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:3761 | P | Security update for xen (Important) | 2022-07-06
oval:org.opensuse.security:def:94038 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:93463 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:550 | P | Security update for xen (Important) | 2022-07-06
oval:org.opensuse.security:def:94250 | P | (Important) | 2022-07-06
oval:org.opensuse.security:def:3620 | P | Security update for xen (Important) | 2022-07-06
oval:org.opensuse.security:def:118740 | P | Security update for xen (Important) | 2022-06-23
oval:org.opensuse.security:def:119235 | P | Security update for xen (Important) | 2022-06-23
oval:org.opensuse.security:def:119610 | P | Security update for xen (Important) | 2022-06-23
oval:org.opensuse.security:def:118930 | P | Security update for xen (Important) | 2022-06-23
oval:org.opensuse.security:def:119425 | P | Security update for xen (Important) | 2022-06-23
oval:org.opensuse.security:def:5273 | P | Security update for xen (Important) | 2022-06-14
oval:org.opensuse.security:def:6071 | P | Security update for xen (Important) | 2022-06-14
oval:org.opensuse.security:def:42298 | P | Security update for xen (Important) | 2022-06-13
oval:org.opensuse.security:def:913 | P | Security update for xen (Important) | 2022-06-13
oval:org.opensuse.security:def:1676 | P | Security update for xen (Important) | 2022-06-13
oval:org.opensuse.security:def:42396 | P | Security update for xen (Important) | 2022-06-13