CVE-2022-26365

Updated: 2023-11-07 19:20:45.881178

Description:

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x LOW 3.6
CVSS Version 3.x HIGH 7.1

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS kernel 2.6.32 7.1 HIGH Released CLSA-2023:1700591071 2023-12-05 13:15:18
CentOS 7 ELS kernel 3.10.0 7.1 HIGH In Rollout CLSA-2024:1720468480 2024-07-08 17:36:37
CloudLinux 6 ELS kernel 2.6.32 7.1 HIGH Needs Triage 2023-07-21 00:48:24
Oracle Linux 6 ELS kernel 2.6.32 7.1 HIGH Released CLSA-2023:1700590262 2023-11-21 13:16:18
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.1 HIGH Released CLSA-2022:1666115300 2022-10-18 14:02:36
Ubuntu 16.04 ELS linux 4.4.0 7.1 HIGH Released CLSA-2022:1667414297 2022-11-02 17:03:51