CVE-2022-42335 — NULL Pointer Dereference in XEN
Severity
7.8 HIGH (NVD)
EPSS
0.1%
top 77.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Apr 25
Description
x86 shadow paging arbitrary pointer dereference
In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so-called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling, it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Fedora 38
Patches
Vulnerability Details (2)
OSV
CVE-2022-42335: x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP... 2023-04-25
GHSA
GHSA-pwx9-2gvj-242v: x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP... 2023-04-25
Vendor Advisories (1)
Debian
CVE-2022-42335: xen - x86 shadow paging arbitrary pointer dereference In environments where host assis... 2022