CVE-2022-42336XEN vulnerability

4 documents4 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 83.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
XENDebian XEN
Timeline
PublishedMay 17

Description

Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

debiandebian/xen< xen 4.17.1+2-gb773c48e36-1 (bookworm)
Debianxen/xen< 4.17.1+2-gb773c48e36-1+2
NVDxen/xen4.17

🔴Vulnerability Details

2
OSV
CVE-2022-42336: Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the2023-05-17
GHSA
GHSA-79pv-m8fc-mhfj: Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the2023-05-17

📋Vendor Advisories

1
Debian
CVE-2022-42336: xen - Mishandling of guest SSBD selection on AMD hardware The current logic to set SSB...2022