NVD Vulnerability Detail

CVE-2022-26357

Summary	race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.
Publication Date	April 5, 2022, 10:15 p.m.
Registration Date	April 6, 2022, 10 a.m.
Last Update	Nov. 21, 2024, 3:53 p.m.

Affected software configurations

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:11.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.openwall.com/lists/oss-security/2022/04/05/2	Mailing List Patch Third Party Advisory
2	http://www.openwall.com/lists/oss-security/2022/04/05/2	Mailing List Patch Third Party Advisory
3	http://xenbits.xen.org/xsa/advisory-399.html	Patch Vendor Advisory
4	http://xenbits.xen.org/xsa/advisory-399.html	Patch Vendor Advisory
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
9	https://security.gentoo.org/glsa/202402-07
10	https://security.gentoo.org/glsa/202402-07
11	https://www.debian.org/security/2022/dsa-5117	Third Party Advisory
12	https://www.debian.org/security/2022/dsa-5117	Third Party Advisory
13	https://xenbits.xenproject.org/xsa/advisory-399.txt	Vendor Advisory
14	https://xenbits.xenproject.org/xsa/advisory-399.txt	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-362	競合状態	https://cwe.mitre.org/data/definitions/362.html

JVN Vulnerability Information

Xen プロジェクトの Xen 他複数ベンダの製品における競合状態に関する脆弱性

Title	Xen プロジェクトの Xen 他複数ベンダの製品における競合状態に関する脆弱性
Summary	Xen プロジェクトの Xen 他複数ベンダの製品には、競合状態に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	参考情報を参照して適切な対策を実施してください。
Publication Date	April 5, 2022, midnight
Registration Date	July 21, 2023, 5:17 p.m.
Last Update	July 21, 2023, 5:17 p.m.

Affected System

Debian

Debian GNU/Linux 11.0

Fedora Project

Fedora 34

Fedora 35

Xen プロジェクト

Xen 4.11.0 以上 4.12.0 未満

Xen 4.13.0 以上 4.16.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2022-26357	https://www.cve.org/CVERecord?id=CVE-2022-26357
National Vulnerability Database (NVD)
2	CVE-2022-26357	https://nvd.nist.gov/vuln/detail/CVE-2022-26357

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html

その他

No	Name	URL
関連文書
1	lists.fedoraproject.org (6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F)	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/
2	lists.fedoraproject.org (UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD)	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/
3	www.debian.org (dsa-5117)	https://www.debian.org/security/2022/dsa-5117
4	www.openwall.com (oss-security/2022/04/05/2)	http://www.openwall.com/lists/oss-security/2022/04/05/2
5	xenbits.xen.org (advisory-399)	http://xenbits.xen.org/xsa/advisory-399.html
6	xenbits.xenproject.org (advisory-399.txt)	https://xenbits.xenproject.org/xsa/advisory-399.txt

Change Log

No	Changed Details	Date of change
1	[2023年07月21日] 掲載	July 21, 2023, 5:17 p.m.