cvedb.io
CVE-2022-23039
HIGH · CVSS 7
EPSS exploitation probability: 0%
Published 2022-03-10T20:15:08.633 · Last modified 2026-06-17T04:29:23.910

Summary

Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the

Affected products

xen — xen

Does this affect you?

Add your gear to cvedb and we'll alert you only when xen ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.