Race Condition Vulnerabilities in Linux PV Device Frontends Affecting Xen Project
CVE-2022-23040

7 HIGH

Key Information:

Vendor
CVE Published: 10 March 2022

What is CVE-2022-23040?

Linux PV device frontends, including blkfront, netfront, scsifront, and gntalloc, are vulnerable because they manage the grant table interface improperly. Malicious backends can exploit race conditions in these frontends to cause data leaks and data corruption. The frontends do not adequately check whether grant references are still in use during operations, so a backend can retain access to memory pages even after the frontend's I/O has completed. Backends can also trigger Denial of Service (DoS), affecting system stability and data integrity.

Affected Version(s)

unspecified (consult Xen advisory XSA-396)

CVSS V3.1

Score: 7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Demi Marie Obenour and Simon Gaiser of Invisible Things Lab.