Lucene search

K
cve[email protected]CVE-2022-26365
HistoryJul 05, 2022 - 1:15 p.m.

CVE-2022-26365

2022-07-0513:15:08
CWE-401
web.nvd.nist.gov
102
8
cve-2022-26365
linux
disk
nic
frontends
data leaks
security vulnerability
nvd
cve-2022-33740
cve-2022-33741
cve-2022-33742

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.6%

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Affected configurations

NVD
Node
linuxlinux_kernelRange2.6.134.9.322
OR
linuxlinux_kernelRange4.144.14.287
OR
linuxlinux_kernelRange4.194.19.251
OR
linuxlinux_kernelRange5.45.4.204
OR
linuxlinux_kernelRange5.105.10.129
OR
linuxlinux_kernelRange5.155.15.53
OR
linuxlinux_kernelRange5.185.18.10
OR
linuxlinux_kernelMatch2.6.12rc2
OR
linuxlinux_kernelMatch2.6.12rc3
OR
linuxlinux_kernelMatch2.6.12rc4
OR
linuxlinux_kernelMatch2.6.12rc5
OR
linuxlinux_kernelMatch2.6.12rc6
OR
linuxlinux_kernelMatch5.19rc1
OR
linuxlinux_kernelMatch5.19rc2
OR
linuxlinux_kernelMatch5.19rc3
OR
linuxlinux_kernelMatch5.19rc4
OR
linuxlinux_kernelMatch5.19rc5
OR
xenxenMatch-
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
Node
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "versions": [
      {
        "status": "unknown",
        "version": "consult Xen advisory XSA-403"
      }
    ]
  },
  {
    "product": "xen",
    "vendor": "Xen",
    "versions": [
      {
        "status": "unknown",
        "version": "consult Xen advisory XSA-403"
      }
    ]
  }
]

Social References

More

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.6%