VDB

ALPINE-CVE-2022-26357

ALPINE-CVE-2022-26357 PUBLISHED CVSS 7 HIGH

race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.

Risk Scores

CVSS v3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.23xen4.13.0-r2, 4.13.0-r1, 4.13.0-r0
Alpine:v3.15xen4.7.0-r0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.12xen4.0.1-r0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.22xen4.2.0-r3, 4.9.1-r3, 4.1.2-r3
Alpine:v3.13xen4.7.0-r4, 4.7.0-r5, 4.7.1-r0
Alpine:v3.18xen4.3.0-r5, 0, 4.0.1-r0
Alpine:v3.14xen4.2.0-r1, 4.2.0-r2, 4.12.1-r2
Alpine:v3.17xen4.6.0-r0, 4.6.0-r1, 4.6.0-r2
Alpine:v3.20xen4.1.2-r4, 4.13.0-r2, 4.13.0-r1
Alpine:v3.16xen4.9.1-r3, 4.9.1-r2, 4.9.1-r1
Alpine:v3.21xen4.1.3-r0, 0, 4.0.1-r0
Alpine:v3.19xen0, 4.9.1-r3, 4.9.1-r2

Timeline

  • Apr 5, 2022 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›