CVE-2022-33745 — XEN vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 79.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedJul 26

Latest updateJul 27

Description

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶debiandebian/xen< xen 4.16.2-1 (bookworm)

▶Debianxen/xen< 4.14.5+86-g1c354767d5-1+3

Also affects: Debian Linux 11.0, Fedora 35, 36

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-f5vc-gmmj-gpp6: insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may b↗2022-07-27

▶

OSV

CVE-2022-33745: insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may b↗2022-07-26

▶

📋Vendor Advisories

Debian

CVE-2022-33745: xen - insufficient TLB flush for x86 PV guests in shadow mode For migration as well as...↗2022

▶