xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746


Debian Bug report logs - #1021668

Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Wed, 12 Oct 2022 17:39:02 UTC

Severity: important

Tags: security, upstream



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#1021668; Package src:xen. (Wed, 12 Oct 2022 17:39:04 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Wed, 12 Oct 2022 17:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: submit@bugs.debian.org
Subject: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746
Date: Wed, 12 Oct 2022 19:38:17 +0200
Source: xen
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for xen.

CVE-2022-33749[0]:
| XAPI open file limit DoS It is possible for an unauthenticated client
| on the network to cause XAPI to hit its file-descriptor limit. This
| causes XAPI to be unable to accept new requests for other (trusted)
| clients, and blocks XAPI from carrying out any tasks that require the
| opening of file descriptors.

https://xenbits.xen.org/xsa/advisory-413.html

CVE-2022-33748[1]:
| lock order inversion in transitive grant copy handling As part of
| XSA-226 a missing cleanup call was inserted on an error handling path.
| While doing so, locking requirements were not paid attention to. As a
| result two cooperating guests granting each other transitive grants
| can cause locks to be acquired nested within one another, but in
| respectively opposite order. With suitable timing between the involved
| grant copy operations this may result in the locking up of a CPU.

https://xenbits.xen.org/xsa/advisory-411.html

CVE-2022-33747[2]:
| Arm: unbounded memory consumption for 2nd-level page tables Certain
| actions require e.g. removing pages from a guest's P2M (Physical-to-
| Machine) mapping. When large pages are in use to map guest pages in
| the 2nd-stage page tables, such a removal operation may incur a memory
| allocation (to replace a large mapping with individual smaller ones).
| These memory allocations are taken from the global memory pool. A
| malicious guest might be able to cause the global memory pool to be
| exhausted by manipulating its own P2M mappings.

https://xenbits.xen.org/xsa/advisory-409.html

CVE-2022-33746[3]:
| P2M pool freeing may take excessively long The P2M pool backing second
| level address translation for guests may be of significant size.
| Therefore its freeing may take more time than is reasonable without
| intermediate preemption checks. Such checking for the need to preempt
| was so far missing.

https://xenbits.xen.org/xsa/advisory-410.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33749
    https://www.cve.org/CVERecord?id=CVE-2022-33749
[1] https://security-tracker.debian.org/tracker/CVE-2022-33748
    https://www.cve.org/CVERecord?id=CVE-2022-33748
[2] https://security-tracker.debian.org/tracker/CVE-2022-33747
    https://www.cve.org/CVERecord?id=CVE-2022-33747
[3] https://security-tracker.debian.org/tracker/CVE-2022-33746
    https://www.cve.org/CVERecord?id=CVE-2022-33746

Please adjust the affected versions in the BTS as needed.



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>:
Bug#1021668; Package src:xen. (Wed, 12 Oct 2022 20:03:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Xen Team <pkg-xen-devel@lists.alioth.debian.org>. (Wed, 12 Oct 2022 20:03:03 GMT)


Message #10 received at 1021668@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Mühlenhoff <jmm@inutil.org>, 1021668@bugs.debian.org
Subject: Re: Bug#1021668: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746
Date: Wed, 12 Oct 2022 22:01:29 +0200

Hi,

On Wed, Oct 12, 2022 at 07:38:17PM +0200, Moritz Mühlenhoff wrote:
> Source: xen
> X-Debbugs-CC: team@security.debian.org
> Severity: important
> Tags: security
> 
> Hi,
> 
> The following vulnerabilities were published for xen.
> 
> CVE-2022-33749[0]:
> | XAPI open file limit DoS It is possible for an unauthenticated client
> | on the network to cause XAPI to hit its file-descriptor limit. This
> | causes XAPI to be unable to accept new requests for other (trusted)
> | clients, and blocks XAPI from carrying out any tasks that require the
> | opening of file descriptors.
> 
> https://xenbits.xen.org/xsa/advisory-413.html

FTR, I think this should not be tracked for src:xen (and updated the
security-tracker already earlier), as it is for xapi (not found in
src:xen but in the earlier removed src:xen-api).

Regards,
Salvatore



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 12 Oct 2022 20:03:06 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Oct 13 13:23:24 2022; Machine Name: bembo
