4.7

CVE-2022-33744

EPSS 0.03%
Published 05.07.2022 13:15:08
Last modified 21.11.2024 07:08:27
Source security@xen.org
Teams watchlist Login
Open Login

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

Affected products Warnungen 0 Metrics 3 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.13 <= 5.18

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.066

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.7	1	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:N/I:N/A:P

https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5191

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/07/05/4

Patch

Third Party Advisory

Mailing List

http://xenbits.xen.org/xsa/advisory-406.html

Patch

Vendor Advisory

https://xenbits.xenproject.org/xsa/advisory-406.txt

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-33744

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-33744

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-33744

EUVD