Launchpad.net

CVE 2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.

Related bugs and status

CVE-2022-26356 (Candidate) is related to these bugs:

Bug #1970507: No security updates since release in all Ubuntu releases

Summary				In	Importance	Status
	1970507	No security updates since release in all Ubuntu releases		xen (Ubuntu)	Medium	Expired

Bug #1978891: [SRU] Upgrade to 4.16.2 for Jammy and Kinetic

		In	Importance	Status
1978891	[SRU] Upgrade to 4.16.2 for Jammy and Kinetic	xen (Ubuntu)	Medium	Won't Fix
1978891	[SRU] Upgrade to 4.16.2 for Jammy and Kinetic	xen (Debian)	Unknown	Fix Released
1978891	[SRU] Upgrade to 4.16.2 for Jammy and Kinetic	xen (Ubuntu Jammy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-26356

Related bugs and status

Related bugs

References