CVE-2022-26362: Race Condition
First published: Thu Jun 09 2022(Updated: )
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.
Credit: security@xen.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xen Xen | ||
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Debian Debian Linux | =11.0 | |
| debian/xen | <=4.11.4+107-gef32c7afa2-1 | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.2+76-ge1f9cb16e2-1~deb12u1 4.17.2+76-ge1f9cb16e2-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/167718/Xen-TLB-Flush-Bypass.html
- http://www.openwall.com/lists/oss-security/2022/06/09/3
- http://xenbits.xen.org/xsa/advisory-401.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
- https://security.gentoo.org/glsa/202208-23
- https://www.debian.org/security/2022/dsa-5184
- https://xenbits.xenproject.org/xsa/advisory-401.txt
- https://xenbits.xen.org/xsa/advisory-401.html
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2294
- https://security-tracker.debian.org/tracker/CVE-2022-26362
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
Frequently Asked Questions
What is CVE-2022-26362?
CVE-2022-26362 is a vulnerability in Xen that allows for a race condition in typeref acquisition.
What is the severity of CVE-2022-26362?
CVE-2022-26362 has a severity of 6.4, which is considered medium.
Which software is affected by CVE-2022-26362?
Xen Xen, Fedoraproject Fedora 35 and 36, and Debian Debian Linux 11.0 are affected by CVE-2022-26362.
How can I fix CVE-2022-26362?
To fix CVE-2022-26362, update Xen to version 4.14.6-1, 4.14.5+94-ge49571868d-1, 4.17.1+2-gb773c48e36-1, or 4.17.2+55-g0b56bed864-1.
Where can I find more information about CVE-2022-26362?
You can find more information about CVE-2022-26362 at the following references: [Advisory-401](https://xenbits.xen.org/xsa/advisory-401.html), [Project Zero Issue](https://bugs.chromium.org/p/project-zero/issues/detail?id=2294), [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2022-26362).
- collector/nvd-index
- collector/security-tracker-debian
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xen
- canonical/xen xen
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- package-manager/debian