4.7

CVE-2022-33744

EPSS 0.03%
Veröffentlicht 05.07.2022 13:15:08
Zuletzt bearbeitet 21.11.2024 07:08:27
Quelle security@xen.org
Teams Watchlist Login
Unerledigt Login

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.13 <= 5.18

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:N/A:P

https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5191

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/07/05/4

Patch

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-406.html

Patch

Vendor Advisory

https://xenbits.xenproject.org/xsa/advisory-406.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-33744

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-33744

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-33744

EUVD