CVE-2022-26357
HIGH7.0EPSS 0.02%Published: 4/5/2022Modified: 12/3/2025
Also known as:ALPINE-CVE-2022-26357
Description
race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.
Affected packages (2)
- Alpine/xenfrom 0, < 4.13.4-r3
- Debian/xenfrom 0, < 4.14.4+74-gd7b22226b5-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |