CVE-2022-33744Linux vulnerability

43 documents7 sources
Severity
4.7MEDIUMNVD
OSV6.7OSV5.5OSV4.4OSV4.3
EPSS
0.1%
top 82.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxDebian Linux+2 more
Timeline
PublishedJul 5
Latest updateOct 27

Description

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of othe

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages6 packages

debiandebian/linux< linux 5.18.14-1 (bookworm)
Debianlinux/linux_kernel< 5.10.127-2+3
Ubuntulinux/linux_kernel< 4.15.0-194.205+2
NVDlinux/linux_kernel3.135.18

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: www.openwall.comPatch: xenbits.xen.orgPatch: www.openwall.com

🔴Vulnerability Details

23
OSV
linux-azure-fde vulnerabilities2022-10-27
OSV
linux-gcp vulnerabilities2022-10-21
OSV
linux-azure-4.15 vulnerabilities2022-10-18
OSV
linux-azure vulnerabilities2022-10-17
OSV
linux-ibm vulnerabilities2022-10-14

📋Vendor Advisories

19
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2022-10-27
Ubuntu
Linux kernel (GCP) vulnerabilities2022-10-21
Ubuntu
Linux kernel (Azure) vulnerabilities2022-10-18
Ubuntu
Linux kernel (Azure) vulnerabilities2022-10-17
Ubuntu
Linux kernel (IBM) vulnerabilities2022-10-14