QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-23035

Back to search

CVE-2022-23035

Published: Jan 25, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.

VendorProductVersions

Xen

xen

unknown
consult Xen advisory XSA-395

References

FEDORA-2022-0cc3916e08
vendor-advisory
x_refsource_FEDORA
DSA-5117
vendor-advisory
x_refsource_DEBIAN
GLSA-202208-23
vendor-advisory
x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now