CVE-2022-26365

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Published: Jul 5, 2022
Updated: Nov 16, 2025
CVE: CVE-2022-26365
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:N/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
debian / debian_linux	10.0	10.0.x
debian / debian_linux	11.0	11.0.x
fedoraproject / fedora	35	35.x
fedoraproject / fedora	36	36.x
linux / linux_kernel	2.6.12-rc4	2.6.12-rc4.x
linux / linux_kernel	2.6.12-rc5	2.6.12-rc5.x
linux / linux_kernel	2.6.12-rc2	2.6.12-rc2.x
linux / linux_kernel	2.6.12-rc3	2.6.12-rc3.x
linux / linux_kernel	2.6.12-rc6	2.6.12-rc6.x
linux / linux_kernel	5.19-rc1	5.19-rc1.x
linux / linux_kernel	5.19-rc2	5.19-rc2.x
linux / linux_kernel	5.19-rc3	5.19-rc3.x
linux / linux_kernel	5.19-rc4	5.19-rc4.x
linux / linux_kernel	5.19-rc5	5.19-rc5.x
linux / linux_kernel	5.18	5.18.10
linux / linux_kernel	5.15	5.15.53
linux / linux_kernel	5.10	5.10.129
linux / linux_kernel	5.4	5.4.204
linux / linux_kernel	4.14	4.14.287
linux / linux_kernel	2.6.13	4.9.322
linux / linux_kernel	4.19	4.19.251

Vulnerability Database

319,897

CVE-2022-26365

Deep Security Visibility Without the Complexity