VDB
CVE-2022-26357
CVE-2022-26357
PUBLISHED
Es existiert eine Schwachstelle in Citrix Systems Hypervisor, Citrix Systems XenServer und Xen. Die Schwachstelle ist auf eine Race-Condition zurückzuführen, die bei der Verarbeitung von VT-d Domain IDs auftritt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen oder Informationen offenzulegen.
EPSS 0.02% · 4.8th percentile
Risk Scores
EPSS Score
0.02%
4.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Citrix Systems | Citrix Systems Hypervisor 8.2 | |
| SUSE | SUSE Linux | |
| Gentoo | Gentoo Linux | |
| Citrix Systems | Citrix Systems XenServer 7.1 |
Exploit Intelligence
- https://xenbits.xenproject.org/xsa/advisory-399.txt (circl)
- http://xenbits.xen.org/xsa/advisory-399.html (circl)
- [oss-security] 20220405 Xen Security Advisory 399 v2 (CVE-2022-26357) - race in VT-d domain ID cleanup (circl)
- DSA-5117 (circl)
- FEDORA-2022-dfbf7e2372 (circl)
- FEDORA-2022-64b2c02d29 (circl)
- GLSA-202402-07 (circl)
Timeline
- Apr 5, 2022 CVE Published
- Apr 9, 2022 EPSS Score
- May 29, 2022 EPSS Score
- Jul 20, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 6, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 29, 2023 EPSS Score
- May 18, 2023 EPSS Score
- Jul 7, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0453.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0453 advisory
- http://xenbits.xen.org/xsa/advisory-399.html advisory
- https://support.citrix.com/article/CTX390511 advisory
- http://xenbits.xen.org/xsa/advisory-397.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2022-4111b25ccc advisory
- https://lists.debian.org/debian-security-announce/2022/msg00085.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010779.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010792.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010821.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010818.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-April/010836.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/010918.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-May/010916.html advisory
- https://oss.oracle.com/pipermail/oraclevm-errata/2022-May/001051.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-June/011336.html advisory
- https://security.gentoo.org/glsa/202402-07 advisory