| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-33981 | 416 | | DoS | 2022-06-18 | 2022-11-05 | 2.1 | None | Local | Low | Not required | None | None | Partial |
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
| 2 | CVE-2022-31030 | 400 | | | 2022-06-09 | 2022-11-29 | 2.1 | None | Local | Low | Not required | None | None | Partial |
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. |
| 3 | CVE-2022-29900 | 200 | | Exec Code +Info | 2022-07-12 | 2022-10-26 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. |
| 4 | CVE-2022-28389 | 415 | | | 2022-04-03 | 2023-01-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. |
| 5 | CVE-2022-28388 | 415 | | | 2022-04-03 | 2023-01-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. |
| 6 | CVE-2022-28356 | | | | 2022-04-02 | 2023-02-03 | 2.1 | None | Local | Low | Not required | None | None | Partial |
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. |
| 7 | CVE-2022-26966 | | | +Info | 2022-03-12 | 2022-12-22 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. |
| 8 | CVE-2022-26354 | 772 | | | 2022-03-16 | 2023-02-12 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. |
| 9 | CVE-2022-25375 | 668 | | +Info | 2022-02-20 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. |
| 10 | CVE-2022-24959 | 401 | | | 2022-02-11 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. |
| 11 | CVE-2022-24919 | 79 | | Exec Code XSS CSRF | 2022-03-09 | 2023-04-12 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
| 12 | CVE-2022-24917 | 79 | | Exec Code XSS CSRF | 2022-03-09 | 2023-04-12 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. |
| 13 | CVE-2022-24349 | 79 | | XSS | 2022-03-09 | 2023-04-12 | 2.1 | None | Remote | High | ??? | None | Partial | None |
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. |
| 14 | CVE-2022-24130 | 120 | | Overflow | 2022-01-31 | 2022-08-19 | 2.6 | None | Remote | High | Not required | None | None | Partial |
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. |
| 15 | CVE-2022-23825 | 668 | | | 2022-07-14 | 2023-01-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. |
| 16 | CVE-2022-23034 | 191 | | | 2022-01-25 | 2022-08-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. |
| 17 | CVE-2022-21704 | 276 | | | 2022-01-19 | 2023-02-03 | 2.1 | None | Local | Low | Not required | Partial | None | None |
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update. |
| 18 | CVE-2022-21166 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 19 | CVE-2022-21151 | | | | 2022-05-12 | 2022-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 20 | CVE-2022-21127 | 459 | | | 2022-06-15 | 2023-01-31 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 21 | CVE-2022-21125 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 22 | CVE-2022-21123 | 459 | | | 2022-06-15 | 2022-08-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
| 23 | CVE-2022-2078 | 121 | | DoS Overflow | 2022-06-30 | 2022-10-26 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code. |
| 24 | CVE-2022-1195 | 416 | | DoS | 2022-04-29 | 2022-12-14 | 2.1 | None | Local | Low | Not required | None | None | Partial |
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. |
| 25 | CVE-2022-0854 | 401 | | | 2022-03-23 | 2022-10-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. |
| 26 | CVE-2022-0544 | 191 | | | 2022-02-24 | 2023-01-19 | 2.6 | None | Remote | High | Not required | Partial | None | None |
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. |
| 27 | CVE-2022-0487 | 416 | | | 2022-02-04 | 2022-04-30 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. |
| 28 | CVE-2021-45095 | 200 | | +Info | 2021-12-16 | 2022-04-06 | 2.1 | None | Local | Low | Not required | Partial | None | None |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. |
| 29 | CVE-2021-43976 | | | DoS | 2021-11-17 | 2023-02-24 | 2.1 | None | Local | Low | Not required | None | None | Partial |
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
| 30 | CVE-2021-43389 | 125 | | | 2021-11-04 | 2023-02-24 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. |
| 31 | CVE-2021-38205 | 824 | | | 2021-08-08 | 2022-01-04 | 2.1 | None | Local | Low | Not required | None | Partial | None |
drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer). |
| 32 | CVE-2021-38198 | | | | 2021-08-08 | 2022-01-04 | 2.1 | None | Local | Low | Not required | None | None | Partial |
arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault. |
| 33 | CVE-2021-38165 | 522 | | | 2021-08-07 | 2021-12-02 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. |
| 34 | CVE-2021-36368 | 287 | | Bypass | 2022-03-13 | 2022-07-01 | 2.6 | None | Remote | High | Not required | Partial | None | None |
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed." |
| 35 | CVE-2021-35588 | | | DoS | 2021-10-20 | 2022-09-23 | 2.6 | None | Remote | High | Not required | None | None | Partial |
Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). |
| 36 | CVE-2021-35477 | 203 | | Bypass +Info | 2021-08-02 | 2021-11-11 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. |
| 37 | CVE-2021-34693 | 909 | | +Info | 2021-06-14 | 2021-09-20 | 2.1 | None | Local | Low | Not required | Partial | None | None |
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. |
| 38 | CVE-2021-34556 | 203 | | Bypass +Info | 2021-08-02 | 2021-12-14 | 2.1 | None | Local | Low | Not required | Partial | None | None |
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. |
| 39 | CVE-2021-31829 | 863 | | | 2021-05-06 | 2022-01-01 | 2.1 | None | Local | Low | Not required | Partial | None | None |
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. |
| 40 | CVE-2021-30002 | | | | 2021-04-02 | 2022-05-16 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. |
| 41 | CVE-2021-29647 | 909 | | +Info | 2021-03-30 | 2022-07-12 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. |
| 42 | CVE-2021-29473 | 125 | | DoS | 2021-04-26 | 2021-09-21 | 2.6 | None | Remote | High | Not required | None | None | Partial |
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `insert`. The bug is fixed in version v0.27.4. Please see our security policy for information about Exiv2 security. |
| 43 | CVE-2021-29155 | 125 | | +Info | 2021-04-20 | 2022-04-19 | 2.1 | None | Local | Low | Not required | Partial | None | None |
An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. |
| 44 | CVE-2021-28950 | 834 | | | 2021-03-20 | 2022-05-13 | 2.1 | None | Local | Low | Not required | None | None | Partial |
An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. |
| 45 | CVE-2021-28715 | 404 | | Bypass | 2022-01-06 | 2022-05-13 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Guest can force Linux netback driver to hog large amounts of kernel memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) |
| 46 | CVE-2021-28714 | 404 | | Bypass | 2022-01-06 | 2022-04-18 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Guest can force Linux netback driver to hog large amounts of kernel memory. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) |
| 47 | CVE-2021-28713 | | | DoS | 2022-01-05 | 2022-04-06 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 |
| 48 | CVE-2021-28712 | | | DoS | 2022-01-05 | 2022-04-06 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 |
| 49 | CVE-2021-28711 | | | DoS | 2022-01-05 | 2022-04-06 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Rogue backends can cause DoS of guests via high frequency events. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 |
| 50 | CVE-2021-28688 | 665 | | | 2021-04-06 | 2022-05-27 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable. XSA-365 was classified to affect versions back to at least 3.11. |