CVE-2022-26356: 
NixOS vulnerability analysis and mitigation

CVE-2022-26356 (XSA-397) is a vulnerability in the Xen hypervisor discovered by Roger Pau Monné of Citrix and publicly disclosed on April 5, 2022. The vulnerability affects all Xen versions from at least 4.0 onwards, specifically impacting x86 systems using Hardware Assisted Paging (HAP) (Xen Advisory).

The vulnerability stems from a race condition between dirty vram tracking and paging log dirty hypercalls. Specifically, the activation of log dirty mode through XENDMOPtrackdirtyvram (previously HVMOPtrackdirtyvram before Xen 4.9) can race with ongoing log dirty hypercalls. When a call to XENDMOPtrackdirtyvram occurs while another CPU is dismantling structures from a previously enabled log dirty mode (XENDOMCTLSHADOWOP_OFF), entries can be added to already freed slots due to lack of proper mutual exclusion locking (Xen Advisory).

The vulnerability allows an attacker to cause Xen to leak memory, which can eventually lead to a Denial of Service (DoS) condition affecting the entire host system. The impact is limited to domains controlling x86 HVM guests using Hardware Assisted Paging, typically affecting domains that run device models on behalf of guests (Xen Advisory).

Several mitigation options are available: using only PV or PVH guests, running HVM guests in shadow mode, or applying the provided security patches. Patches were released for multiple Xen versions including 4.12.x, 4.14.x, and 4.16.x. Various Linux distributions have also released updated packages to address this vulnerability (Debian Advisory, Fedora Update).