{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","type":"apk","namespace":"alpine","name":"xen","version":"4.16.1-r0","qualifiers":{"arch":"riscv64","distroversion":"v3.21","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.16.1-r2","latest_non_vulnerable_version":"4.19.5-r3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106463?format=json","vulnerability_id":"VCID-5hdg-8pq1-wuer","summary":"IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, \"RMRR\") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26360","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30933","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30999","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30966","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30901","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.30922","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-400.html","reference_id":"XSA-400","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-400.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-26360","XSA-400"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hdg-8pq1-wuer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106459?format=json","vulnerability_id":"VCID-5wye-y63w-syff","summary":"Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty while another CPU is still in the process of tearing down the structures related to a previously enabled log dirty mode (XEN_DOMCTL_SHADOW_OP_OFF). This is due to lack of mutually exclusive locking between both operations and can lead to entries being added in already freed slots, resulting in a memory leak.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26356","reference_id":"","reference_type":"","scores":[{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15479","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15382","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15488","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15403","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.1544","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00048","scoring_system":"epss","scoring_elements":"0.15356","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-397.html","reference_id":"XSA-397","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-397.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-26356","XSA-397"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wye-y63w-syff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104632?format=json","vulnerability_id":"VCID-99f4-33sx-qbhd","summary":"xen: arm: guest_physmap_remove_page not removing the p2m mappings (XSA-393)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23033.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23033.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23033","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25868","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25963","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25918","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25861","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25866","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045043","reference_id":"2045043","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045043"},{"reference_url":"https://security.gentoo.org/glsa/202208-23","reference_id":"GLSA-202208-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-23"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-393.html","reference_id":"XSA-393","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-393.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-23033","XSA-393"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-99f4-33sx-qbhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104628?format=json","vulnerability_id":"VCID-ee4b-q8nj-2bc8","summary":"xen: Insufficient cleanup of passed-through device IRQs (XSA-395)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23035.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23035","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29775","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29843","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29806","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29774","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.2974","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.29752","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045039","reference_id":"2045039","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045039"},{"reference_url":"https://security.gentoo.org/glsa/202208-23","reference_id":"GLSA-202208-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-23"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-395.html","reference_id":"XSA-395","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-395.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-23035","XSA-395"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ee4b-q8nj-2bc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/275769?format=json","vulnerability_id":"VCID-skz4-vt8j-s3g3","summary":"","references":[{"reference_url":"https://xenbits.xen.org/xsa/advisory-398.html","reference_id":"XSA-398","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-398.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-26401","XSA-398"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-skz4-vt8j-s3g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/104630?format=json","vulnerability_id":"VCID-wm34-8ubs-hbet","summary":"xen: A PV guest could DoS Xen while unmapping a grant (XSA-394)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23034.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23034.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23034","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28145","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28215","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28165","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28125","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28081","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28085","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045041","reference_id":"2045041","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2045041"},{"reference_url":"https://security.gentoo.org/glsa/202208-23","reference_id":"GLSA-202208-23","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-23"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-394.html","reference_id":"XSA-394","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-394.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-23034","XSA-394"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm34-8ubs-hbet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106460?format=json","vulnerability_id":"VCID-ychg-9jrx-6bhf","summary":"race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26357","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04795","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04773","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04805","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04785","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04784","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04745","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23034"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23035"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26356"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26357"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26358"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26359"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26360"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26361"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202402-07","reference_id":"GLSA-202402-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-07"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-399.html","reference_id":"XSA-399","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-399.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382194?format=json","purl":"pkg:apk/alpine/xen@4.16.1-r0?arch=riscv64&distroversion=v3.21&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}],"aliases":["CVE-2022-26357","XSA-399"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ychg-9jrx-6bhf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.16.1-r0%3Farch=riscv64&distroversion=v3.21&reponame=main"}