Main Vulnerability Database Vulnerabilities #VU65801

#VU65801 Resource exhaustion in Xen - CVE-2022-33745

Published: July 26, 2022

Vulnerability identifier: #VU65801

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Green

CVE-ID: CVE-2022-33745

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in code responsible for migration and work around of kernels unaware of L1TF in shadow mode, related to TLB flush. A remote user with access to x86 PV guest can start the migration process to trigger the vulnerability and exhaust all available memory, resulting in a denial of service (DoS) attack.

Remediation

Install updates from vendor's website.

External links

https://xenbits.xenproject.org/xsa/advisory-408.txt

#VU65801 Resource exhaustion in Xen - CVE-2022-33745

Description

Remediation

External links

Please verify you're human