6.5

CVE-2022-33746

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version >= 4.13.0 <= 4.16.1
FedoraprojectFedora Version35
FedoraprojectFedora Version36
FedoraprojectFedora Version37
DebianDebian Linux Version11.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.066
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2 4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

http://www.openwall.com/lists/oss-security/2022/10/11/3
Patch
Third Party Advisory
Mailing List
Mitigation
http://xenbits.xen.org/xsa/advisory-410.html
Patch
Vendor Advisory
Mitigation
https://xenbits.xenproject.org/xsa/advisory-410.txt
Patch
Vendor Advisory
Mitigation