CVE-2022-42332Use After Free in XEN

CWE-416Use After Free4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 82.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
XENDebian XENDebian Linux+1 more
Timeline
PublishedMar 21

Description

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary da

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/xen< xen 4.17.0+74-g3eac216e6e-1 (bookworm)
Debianxen/xen< 4.14.5+94-ge49571868d-1+3
NVDxen/xen

Also affects: Debian Linux 11.0, Fedora 37, 38

🔴Vulnerability Details

2
OSV
CVE-2022-42332: x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP)2023-03-21
GHSA
GHSA-jg93-x3r7-r8pf: x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP)2023-03-21

📋Vendor Advisories

1
Debian
CVE-2022-42332: xen - x86 shadow plus log-dirty mode use-after-free In environments where host assiste...2022