{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","type":"apk","namespace":"alpine","name":"xen","version":"4.14.5-r0","qualifiers":{"arch":"mips64","distroversion":"v3.13","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.14.5-r1","latest_non_vulnerable_version":"4.14.5-r7","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106463?format=json","vulnerability_id":"VCID-5hdg-8pq1-wuer","summary":"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26360","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30933","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30999","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30966","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-400.html","reference_id":"XSA-400","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-400.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2022-26360","XSA-400"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hdg-8pq1-wuer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106459?format=json","vulnerability_id":"VCID-5wye-y63w-syff","summary":"Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26356","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15479","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-397.html","reference_id":"XSA-397","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-397.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2022-26356","XSA-397"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wye-y63w-syff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106449?format=json","vulnerability_id":"VCID-63u8-8gxf-7kf8","summary":"grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28703","reference_id":"","reference_type":"","scores":[{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29458","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29527","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00113","scoring_system":"epss","scoring_elements":"0.29488","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28703"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-387.html","reference_id":"XSA-387","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-387.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2021-28703","XSA-387"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-63u8-8gxf-7kf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104632?format=json","vulnerability_id":"VCID-99f4-33sx-qbhd","summary":"xen: arm: guest_physmap_remove_page not removing the p2m mappings (XSA-393)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23033.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23033","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25868","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25963","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045043","reference_id":"2045043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045043"},{"reference_url":"https://security.gentoo.org/glsa/202208-23","reference_id":"GLSA-202208-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-23"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-393.html","reference_id":"XSA-393","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-393.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2022-23033","XSA-393"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99f4-33sx-qbhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104628?format=json","vulnerability_id":"VCID-ee4b-q8nj-2bc8","summary":"xen: Insufficient cleanup of passed-through device IRQs (XSA-395)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23035.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23035","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29775","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29843","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29806","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045039","reference_id":"2045039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045039"},{"reference_url":"https://security.gentoo.org/glsa/202208-23","reference_id":"GLSA-202208-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-23"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-395.html","reference_id":"XSA-395","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-395.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2022-23035","XSA-395"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee4b-q8nj-2bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106452?format=json","vulnerability_id":"VCID-ggdu-ttwp-vyev","summary":"guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit. This is a result of a calculation done with 32-bit precision, which may overflow. It would then only be the overflowed (and hence small) number which gets compared against the established upper bound.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28706","reference_id":"","reference_type":"","scores":[{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.35929","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36024","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00155","scoring_system":"epss","scoring_elements":"0.36033","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28705","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28705"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28706","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28706"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28707","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28707"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28709","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28709"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-385.html","reference_id":"XSA-385","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-385.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2021-28706","XSA-385"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggdu-ttwp-vyev"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104630?format=json","vulnerability_id":"VCID-wm34-8ubs-hbet","summary":"xen: A PV guest could DoS Xen while unmapping a grant (XSA-394)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23034.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23034","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28145","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28215","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28165","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045041","reference_id":"2045041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045041"},{"reference_url":"https://security.gentoo.org/glsa/202208-23","reference_id":"GLSA-202208-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-23"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-394.html","reference_id":"XSA-394","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-394.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2022-23034","XSA-394"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm34-8ubs-hbet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106460?format=json","vulnerability_id":"VCID-ychg-9jrx-6bhf","summary":"race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26357","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04785","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04805","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04795","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-399.html","reference_id":"XSA-399","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-399.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/327211?format=json","purl":"pkg:apk/alpine/xen@4.14.5-r0?arch=mips64&distroversion=v3.13&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}],"aliases":["CVE-2022-26357","XSA-399"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ychg-9jrx-6bhf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.14.5-r0%3Farch=mips64&distroversion=v3.13&reponame=main"}