{"id":"CVE-2022-26356","details":"Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.","modified":"2026-03-13T05:39:34.522888Z","published":"2022-04-05T13:15:07.727Z","related":["SUSE-SU-2022:1285-1","SUSE-SU-2022:1300-1","SUSE-SU-2022:1359-1","SUSE-SU-2022:1375-1","SUSE-SU-2022:1408-1","SUSE-SU-2022:1505-1","SUSE-SU-2022:1506-1","SUSE-SU-2022:2158-1","openSUSE-SU-2024:11979-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ETPM2OVZZ6KOS2L7QO7SIW6XWT5OW3F/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHFSRVLM2JUCPDC2KGB7ETPQYJLCGBLD/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202402-07"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5117"},{"type":"ADVISORY","url":"https://xenbits.xenproject.org/xsa/advisory-397.txt"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2022/04/05/1"},{"type":"FIX","url":"http://xenbits.xen.org/xsa/advisory-397.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-26356.json","unresolved_ranges":[{"events":[{"introduced":"4.0.0"},{"fixed":"4.12.0"}]},{"events":[{"introduced":"4.13.0"},{"fixed":"4.14.0"}]},{"events":[{"introduced":"4.15.0"},{"fixed":"4.16.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H"}]}