VDB
CVE-2022-26356
CVE-2022-26356
PUBLISHED
Es existiert eine Schwachstelle in Xen. Der Fehler ist auf eine Race-Condition zurückzuführen, die bei der Verwendung des "Dirty-Log"-Features auftritt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
EPSS 0.05% · 15.5th percentile
Risk Scores
EPSS Score
0.05%
15.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| SUSE | SUSE Linux | |
| Gentoo | Gentoo Linux |
Exploit Intelligence
- https://xenbits.xenproject.org/xsa/advisory-397.txt (circl)
- http://xenbits.xen.org/xsa/advisory-397.html (circl)
- [oss-security] 20220405 Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls (circl)
- DSA-5117 (circl)
- FEDORA-2022-dfbf7e2372 (circl)
- FEDORA-2022-64b2c02d29 (circl)
- GLSA-202402-07 (circl)
Timeline
- Apr 5, 2022 CVE Published
- Apr 9, 2022 EPSS Score
- May 29, 2022 EPSS Score
- Jul 20, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 29, 2023 EPSS Score
- May 18, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0453.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0453 advisory
- http://xenbits.xen.org/xsa/advisory-399.html advisory
- https://support.citrix.com/article/CTX390511 advisory
- http://xenbits.xen.org/xsa/advisory-397.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2022-4111b25ccc advisory
- https://lists.debian.org/debian-security-announce/2022/msg00085.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010779.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010792.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010821.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010818.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010836.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/010918.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/010916.html advisory
- https://oss.oracle.com/pipermail/oraclevm-errata/2022-May/001051.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-June/011336.html advisory
- https://security.gentoo.org/glsa/202402-07 advisory