CVE-2022-33747

Published: Oct 11, 2022Modified: Nov 21, 2024

3.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Exploitability: 2.0 / Impact: 1.4

Source: NVD

Description

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.

Affected (5)

Products: Xen: Xen · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	All versions

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

References (16)

http://www.openwall.com/lists/oss-security/2022/10/11/5

Source: security@xen.org

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-409.html

Source: security@xen.org

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Source: security@xen.org

https://security.gentoo.org/glsa/202402-07

Source: security@xen.org

https://www.debian.org/security/2022/dsa-5272

Source: security@xen.org

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-409.txt

Source: security@xen.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2022/10/11/5

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-409.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202402-07

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2022/dsa-5272

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-409.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.