QwikSec

Security Database

CVE

CWE

Training

CVE-2022-26362

Published: Jun 9, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.

Vendor	Product	Versions
Xen	xen	unknown `consult Xen advisory XSA-401`

References

https://xenbits.xenproject.org/xsa/advisory-401.txt

x_refsource_MISC

http://xenbits.xen.org/xsa/advisory-401.html

x_refsource_CONFIRM

[oss-security] 20220609 Xen Security Advisory 401 v2 (CVE-2022-26362) - x86 pv: Race condition in typeref acquisition

mailing-list

x_refsource_MLIST

FEDORA-2022-0142d562ca

vendor-advisory

x_refsource_FEDORA

http://packetstormsecurity.com/files/167718/Xen-TLB-Flush-Bypass.html

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

FEDORA-2022-2c9f8224f8

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.