Main Vulnerability Database Vulnerabilities #VU65844

#VU65844 Resource management error in Xen - CVE-2022-33744

Published: July 28, 2022

Vulnerability identifier: #VU65844

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:U/U:Clear

CVE-ID: CVE-2022-33744

CWE-ID: CWE-399

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xen

Software vendor:
Xen Project

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of foreign mappings performed by rbtree when mapping pages of Arm guests. An unprivileged Arm guest can cause inconsistencies of the rbtree via PV devices, which can lead to denial of service of dom0 and cause crashes or the inability to perform further mappings of other guests' memory pages.

Remediation

Install updates from vendor's website.

External links

https://xenbits.xenproject.org/xsa/advisory-406.txt
http://xenbits.xen.org/xsa/advisory-406.html
http://www.openwall.com/lists/oss-security/2022/07/05/4
https://www.debian.org/security/2022/dsa-5191