CVE-2022-33745

Name
CVE-2022-33745
Description
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://xenbits.xenproject.org/xsa/advisory-408.txt
CONFIRM http://xenbits.xen.org/xsa/advisory-408.html
MLIST http://www.openwall.com/lists/oss-security/2022/07/26/2
MLIST http://www.openwall.com/lists/oss-security/2022/07/26/3
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:* xen == None == None

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen 3.15-main 4.15.3-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.14-main 4.15.3-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.13-main 4.14.5-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.16.1-r7 Natanael Copa <ncopa@alpinelinux.org> fixed
xen 3.16-main 4.16.1-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable