Fedora 36 update for xen
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2022-33745 |
| CWE-ID | CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system xen Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Resource exhaustion
EUVDB-ID: #VU65801
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green]
CVE-ID: CVE-2022-33745
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in code responsible for migration and work around of kernels unaware of L1TF in shadow mode, related to TLB flush. A remote user with access to x86 PV guest can start the migration process to trigger the vulnerability and exhaust all available memory, resulting in a denial of service (DoS) attack.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 36
xen: before 4.16.1-8.fc36
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2022-4f7cd241e2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
