{"id":"UBUNTU-CVE-2022-42332","details":"x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.","modified":"2026-04-27T17:54:57.039448Z","published":"2023-03-21T13:15:00Z","upstream":["CVE-2022-42332"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42332"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2023/03/21/1"},{"type":"REPORT","url":"https://xenbits.xen.org/xsa/advisory-427.html"},{"type":"REPORT","url":"https://xenbits.xenproject.org/xsa/advisory-427.txt"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2023/03/21/1"},{"type":"REPORT","url":"http://xenbits.xen.org/xsa/advisory-427.html"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-42332"}],"affected":[{"package":{"name":"xen","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/xen@4.6.5-0ubuntu1.4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.5.1-0ubuntu1","4.5.1-0ubuntu2","4.6.0-1ubuntu1","4.6.0-1ubuntu2","4.6.0-1ubuntu4","4.6.0-1ubuntu4.1","4.6.0-1ubuntu4.2","4.6.0-1ubuntu4.3","4.6.5-0ubuntu1","4.6.5-0ubuntu1.1","4.6.5-0ubuntu1.2","4.6.5-0ubuntu1.4"],"ecosystem_specific":{"binaries":[{"binary_name":"libxen-4.6","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"libxenstore3.0","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.4-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.4-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.4-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.5-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.5-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.5-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.6-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.6-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-hypervisor-4.6-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-system-amd64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-system-arm64","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-system-armhf","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-utils-4.6","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xen-utils-common","binary_version":"4.6.5-0ubuntu1.4"},{"binary_name":"xenstore-utils","binary_version":"4.6.5-0ubuntu1.4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/xen@4.9.2-0ubuntu1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.9.0-0ubuntu3","4.9.0-0ubuntu4","4.9.2-0ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libxen-4.9","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"libxenstore3.0","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.6-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.6-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.6-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.7-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.7-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.7-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.8-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.8-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.8-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.9-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.9-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-hypervisor-4.9-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-system-amd64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-system-arm64","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-system-armhf","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-utils-4.9","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xen-utils-common","binary_version":"4.9.2-0ubuntu1"},{"binary_name":"xenstore-utils","binary_version":"4.9.2-0ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/xen@4.11.3+24-g14b62ab3e5-1ubuntu2.3?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.9.2-0ubuntu2","4.9.2-0ubuntu6","4.9.2-0ubuntu7","4.11.3+24-g14b62ab3e5-1ubuntu1","4.11.3+24-g14b62ab3e5-1ubuntu2","4.11.3+24-g14b62ab3e5-1ubuntu2.2","4.11.3+24-g14b62ab3e5-1ubuntu2.3"],"ecosystem_specific":{"binaries":[{"binary_name":"libxencall1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxendevicemodel1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenevtchn1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenforeignmemory1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxengnttab1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenmisc4.11","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxenstore3.0","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxentoolcore1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"libxentoollog1","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.11-amd64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.11-arm64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.11-armhf","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.9-amd64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.9-arm64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-4.9-armhf","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-hypervisor-common","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-system-amd64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-system-arm64","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-system-armhf","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-utils-4.11","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xen-utils-common","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"},{"binary_name":"xenstore-utils","binary_version":"4.11.3+24-g14b62ab3e5-1ubuntu2.3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/xen@4.16.0-1~ubuntu2.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.11.4+24-gddaaccbbab-1ubuntu2","4.16.0-1~ubuntu2","4.16.0-1~ubuntu2.1"],"ecosystem_specific":{"binaries":[{"binary_name":"libxencall1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxendevicemodel1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxenevtchn1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxenforeignmemory1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxengnttab1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxenhypfs1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxenmisc4.16","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxenstore4","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxentoolcore1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"libxentoollog1","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-hypervisor-4.16-amd64","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-hypervisor-4.16-arm64","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-hypervisor-4.16-armhf","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-hypervisor-common","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-system-amd64","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-system-arm64","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-system-armhf","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-utils-4.16","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xen-utils-common","binary_version":"4.16.0-1~ubuntu2.1"},{"binary_name":"xenstore-utils","binary_version":"4.16.0-1~ubuntu2.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/xen@4.17.3+10-g091466ba55-1.1ubuntu3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.17.2-1","4.17.2+55-g0b56bed864-1","4.17.2+76-ge1f9cb16e2-1","4.17.2+76-ge1f9cb16e2-1ubuntu1","4.17.3+10-g091466ba55-1","4.17.3+10-g091466ba55-1.1ubuntu2","4.17.3+10-g091466ba55-1.1ubuntu3"],"ecosystem_specific":{"binaries":[{"binary_name":"libxencall1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxendevicemodel1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxenevtchn1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxenforeignmemory1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxengnttab1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxenhypfs1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxenmisc4.17t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxenstore4t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxentoolcore1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"libxentoollog1t64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-hypervisor-4.17-amd64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-hypervisor-4.17-arm64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-hypervisor-4.17-armhf","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-hypervisor-common","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-system-amd64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-system-arm64","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-system-armhf","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-utils-4.17","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xen-utils-common","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"},{"binary_name":"xenstore-utils","binary_version":"4.17.3+10-g091466ba55-1.1ubuntu3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/xen@4.20.0+68-g35cb38b222-1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.20.0-1ubuntu1","4.20.0+68-g35cb38b222-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libxencall1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxendevicemodel1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxenevtchn1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxenforeignmemory1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxengnttab1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxenhypfs1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxenmisc4.20","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxenstore4","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxentoolcore1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"libxentoollog1","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-hypervisor-4.20-amd64","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-hypervisor-4.20-arm64","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-hypervisor-common","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-system-amd64","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-system-arm64","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-utils-4.20","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xen-utils-common","binary_version":"4.20.0+68-g35cb38b222-1"},{"binary_name":"xenstore-utils","binary_version":"4.20.0+68-g35cb38b222-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}},{"package":{"name":"xen","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/xen@4.20.2+7-g1badcf5035-2build2?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4.20.0+68-g35cb38b222-1","4.20.2+7-g1badcf5035-2","4.20.2+7-g1badcf5035-2build2"],"ecosystem_specific":{"binaries":[{"binary_name":"libxencall1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxendevicemodel1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxenevtchn1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxenforeignmemory1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxengnttab1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxenhypfs1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxenmisc4.20","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxenstore4","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxentoolcore1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"libxentoollog1","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-hypervisor-4.20-amd64","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-hypervisor-4.20-arm64","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-hypervisor-common","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-system-amd64","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-system-arm64","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-utils-4.20","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xen-utils-common","binary_version":"4.20.2+7-g1badcf5035-2build2"},{"binary_name":"xenstore-utils","binary_version":"4.20.2+7-g1badcf5035-2build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-42332.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}