{"api_version":"1","generated_at":"2026-04-22T21:39:54+00:00","cve":"CVE-2022-26356","urls":{"html":"https://cve.report/CVE-2022-26356","api":"https://cve.report/api/cve/CVE-2022-26356.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-26356","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-26356"},"summary":{"title":"CVE-2022-26356","description":"Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.","state":"PUBLIC","assigner":"security@xen.org","published_at":"2022-04-05 13:15:00","updated_at":"2024-02-04 08:15:00"},"problem_types":["CWE-667"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2022/dsa-5117","name":"DSA-5117","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5117-1 xen","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/","name":"FEDORA-2022-dfbf7e2372","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: xen-4.15.2-3.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.gentoo.org/glsa/202402-07","name":"GLSA-202402-07","refsource":"","tags":[],"title":"Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2022/04/05/1","name":"[oss-security] 20220405 Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions\n between dirty vram tracking and paging log dirty hypercalls","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/","name":"FEDORA-2022-64b2c02d29","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/","name":"FEDORA-2022-dfbf7e2372","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: xen-4.15.2-3.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/","name":"FEDORA-2022-64b2c02d29","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: xen-4.14.5-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://xenbits.xenproject.org/xsa/advisory-397.txt","name":"https://xenbits.xenproject.org/xsa/advisory-397.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"http://xenbits.xen.org/xsa/advisory-397.html","name":"http://xenbits.xen.org/xsa/advisory-397.html","refsource":"CONFIRM","tags":[],"title":"XSA-397 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-26356","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26356","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Array","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"26356","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"26356","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"26356","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"26356","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"x86","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-26356","qid":"179182","title":"Debian Security Update for xen (DSA 5117-1)"},{"cve":"CVE-2022-26356","qid":"184860","title":"Debian Security Update for xen (CVE-2022-26356)"},{"cve":"CVE-2022-26356","qid":"282617","title":"Fedora Security Update for xen (FEDORA-2022-dfbf7e2372)"},{"cve":"CVE-2022-26356","qid":"282643","title":"Fedora Security Update for xen (FEDORA-2022-64b2c02d29)"},{"cve":"CVE-2022-26356","qid":"390260","title":"Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2022-0012)"},{"cve":"CVE-2022-26356","qid":"500806","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26356","qid":"501523","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26356","qid":"502242","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26356","qid":"502421","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26356","qid":"504548","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-26356","qid":"710858","title":"Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)"},{"cve":"CVE-2022-26356","qid":"752054","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1285-1)"},{"cve":"CVE-2022-26356","qid":"752065","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1300-1)"},{"cve":"CVE-2022-26356","qid":"752073","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1359-1)"},{"cve":"CVE-2022-26356","qid":"752075","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1408-1)"},{"cve":"CVE-2022-26356","qid":"752099","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1506-1)"},{"cve":"CVE-2022-26356","qid":"752100","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:1505-1)"},{"cve":"CVE-2022-26356","qid":"752262","title":"SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:2158-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@xen.org","ID":"CVE-2022-26356","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"xen","version":{"version_data":[{"version_affected":"?","version_value":"consult Xen advisory XSA-397"}]}}]},"vendor_name":"Xen"}]}},"configuration":{"configuration_data":{"description":{"description_data":[{"lang":"eng","value":"All Xen versions from at least 4.0 onwards are vulnerable.\n\nOnly x86 systems are vulnerable.  Arm systems are not vulnerable.\n\nOnly domains controlling an x86 HVM guest using Hardware Assisted Paging (HAP)\ncan leverage the vulnerability.  On common deployments this is limited to\ndomains that run device models on behalf of guests."}]}}},"credit":{"credit_data":{"description":{"description_data":[{"lang":"eng","value":"This issue was discovered by Roger Pau Monné of Citrix."}]}}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak."}]},"impact":{"impact_data":{"description":{"description_data":[{"lang":"eng","value":"An attacker can cause Xen to leak memory, eventually leading to a Denial of\nService (DoS) affecting the entire host."}]}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unknown"}]}]},"references":{"reference_data":[{"url":"https://xenbits.xenproject.org/xsa/advisory-397.txt","refsource":"MISC","name":"https://xenbits.xenproject.org/xsa/advisory-397.txt"},{"refsource":"CONFIRM","name":"http://xenbits.xen.org/xsa/advisory-397.html","url":"http://xenbits.xen.org/xsa/advisory-397.html"},{"refsource":"MLIST","name":"[oss-security] 20220405 Xen Security Advisory 397 v2 (CVE-2022-26356) - Racy interactions between dirty vram tracking and paging log dirty hypercalls","url":"http://www.openwall.com/lists/oss-security/2022/04/05/1"},{"refsource":"DEBIAN","name":"DSA-5117","url":"https://www.debian.org/security/2022/dsa-5117"},{"refsource":"FEDORA","name":"FEDORA-2022-dfbf7e2372","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/"},{"refsource":"FEDORA","name":"FEDORA-2022-64b2c02d29","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/"}]},"workaround":{"workaround_data":{"description":{"description_data":[{"lang":"eng","value":"Using only PV or PVH guests and/or running HVM guests in shadow mode will avoid\nthe vulnerability."}]}}}},"nvd":{"publishedDate":"2022-04-05 13:15:00","lastModifiedDate":"2024-02-04 08:15:00","problem_types":["CWE-667"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.6,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.1,"impactScore":4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:N/I:N/A:C","accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":1.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*","versionStartIncluding":"4.15.0","versionEndExcluding":"4.16.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.14.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.12.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}