CVE-2022-33748 — Improper Handling of Exceptional Conditions in XEN

CWE-755 — Improper Handling of Exceptional Conditions4 documents4 sources

Severity

5.6MEDIUMNVD

EPSS

0.0%

top 88.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedOct 11

Description

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.1 | Impact: 4.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.16.2+90-g0d39a6d1ae-1 (bookworm)

▶Debianxen/xen< 4.14.5+86-g1c354767d5-1+3

▶NVDxen/xen

Also affects: Debian Linux 11.0, Fedora 35, 36, 37

Patches

Patch: www.openwall.com ↗Patch: xenbits.xen.org ↗Patch: xenbits.xenproject.org ↗

🔴Vulnerability Details

OSV

CVE-2022-33748: lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path↗2022-10-11

▶

GHSA

GHSA-fqrh-w8r3-22q6: lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path↗2022-10-11

▶

📋Vendor Advisories

Debian

CVE-2022-33748: xen - lock order inversion in transitive grant copy handling As part of XSA-226 a miss...↗2022

▶