Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-23035
PUBLISHED
More InfoOfficial Page
Assigner-XEN
Assigner Org ID-23aa2041-22e1-471f-9209-9b7396fa234f
View Known Exploited Vulnerability (KEV) details
Published At-25 Jan, 2022 | 13:46
Updated At-03 Aug, 2024 | 03:28
Rejected At-
▼CVE Numbering Authority (CNA)

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.

Affected Products
Vendor
Xen ProjectXen
Product
xen
Versions

unknown

  • consult Xen advisory XSA-395
Problem Types
TypeCWE IDDescription
textN/Aunknown
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
unknown
description:
description_data:
lang:
eng
value:
The precise impact is system specific, but would typically be a Denial of Service (DoS) affecting the entire host. Privilege escalation and information leaks cannot be ruled out.
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Julien Grall of Amazon.'}]}}}
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://xenbits.xenproject.org/xsa/advisory-395.txt
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2022/01/25/4
mailing-list
x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMR6UBGJW6JKND7IILGQ2CU35EQPF3E3/
vendor-advisory
x_refsource_FEDORA
https://www.debian.org/security/2022/dsa-5117
vendor-advisory
x_refsource_DEBIAN
https://security.gentoo.org/glsa/202208-23
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://xenbits.xenproject.org/xsa/advisory-395.txt
x_refsource_MISC
x_transferred
http://www.openwall.com/lists/oss-security/2022/01/25/4
mailing-list
x_refsource_MLIST
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMR6UBGJW6JKND7IILGQ2CU35EQPF3E3/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.debian.org/security/2022/dsa-5117
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://security.gentoo.org/glsa/202208-23
vendor-advisory
x_refsource_GENTOO
x_transferred
Details not found