CVSS: 5.6EPSS: 0%CPEs: 6EXPL: 0CVE-2022-26356 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-26356
05 Apr 2022 — Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between ... • http://www.openwall.com/lists/oss-security/2022/04/05/1 • CWE-667: Improper Locking •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-26357 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-26357
05 Apr 2022 — race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. Una carrera en la limpieza del ID de dominio de VT-d Los ID de dominio de Xen presentan hasta 15 bits de ancho.... • http://www.openwall.com/lists/oss-security/2022/04/05/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26358 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-26358
05 Apr 2022 — IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device ... • http://www.openwall.com/lists/oss-security/2022/04/05/3 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26359 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-26359
05 Apr 2022 — IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device ... • http://www.openwall.com/lists/oss-security/2022/04/05/3 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26360 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-26360
05 Apr 2022 — IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device ... • http://www.openwall.com/lists/oss-security/2022/04/05/3 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-26361 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-26361
05 Apr 2022 — IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device ... • http://www.openwall.com/lists/oss-security/2022/04/05/3 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23042
https://notcve.org/view.php?id=CVE-2022-23042
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23041
https://notcve.org/view.php?id=CVE-2022-23041
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23040 – Ubuntu Security Notice USN-5467-1
https://notcve.org/view.php?id=CVE-2022-23040
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23039 – Ubuntu Security Notice USN-5467-1
https://notcve.org/view.php?id=CVE-2022-23039
10 Mar 2022 — Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the ... • https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •