Race Condition in VT-d Domain ID Cleanup in Xen by The Xen Project
CVE-2022-26357

7HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 5 April 2022

What is CVE-2022-26357?

A race condition exists in the cleanup process of VT-d domain IDs within Xen, where the domain IDs, which can be up to 15 bits wide, are internally mapped to a smaller value range. This flaw permits the chance for domain IDs to be leaked, allowing certain flush operations to be bypassed. The issue arises during the housekeeping structures cleanup, creating a potential security risk.

Affected Version(s)

xen consult Xen advisory XSA-399

References

https://xenbits.xenproject.org/xsa/advisory-399.txt

http://xenbits.xen.org/xsa/advisory-399.html

http://www.openwall.com/lists/oss-security/2022/04/05/2

mailing-list

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2022
Vulnerability Reserved
Mar 2, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Jan Beulich of SUSE.'}]}}}