CVE-2022-33744

Name
CVE-2022-33744
Description
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://xenbits.xenproject.org/xsa/advisory-406.txt
CONFIRM http://xenbits.xen.org/xsa/advisory-406.html
MLIST http://www.openwall.com/lists/oss-security/2022/07/05/4
Third Party Advisory https://www.debian.org/security/2022/dsa-5191
Mailing List https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= 3.13 <= 5.18

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen 3.14-main 4.15.4-r0 Natanael Copa <ncopa@alpinelinux.org> fixed