Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2022-42334

Published: 21/03/2023 Updated: 04/02/2024
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 0
Subscribe to Xen

Vulnerability Summary

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).

Vulnerable Product Search on Vulmon Subscribe to Product

xen xen

debian debian linux 11.0

fedoraproject fedora 37

fedoraproject fedora 38

Vendor Advisories

Debian CVElist Bug Report Logs: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Debian Bug report logs - #1033297 xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 Package: src:xen; Maintainer for src:xen is Debian Xen Team <pkg-xen-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 21 Mar 2023 20:24:02 UTC Severity: grave Tags: securi ...
Debian Security Advisories: DSA-5378-1 xen -- security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks For the stable distribution (bullseye), these problems have been fixed in version 4145+94-ge49571868d-1 We recommend that you upgrade your xen packages For the detailed security status of xen p ...

References

CWE-770https://xenbits.xenproject.org/xsa/advisory-428.txthttp://xenbits.xen.org/xsa/advisory-428.htmlhttp://www.openwall.com/lists/oss-security/2023/03/21/2https://www.debian.org/security/2023/dsa-5378https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L6PM4RE7MUE6OWA32ZVOXCP235RM2TM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APBMS2Q6746AXAFAITNJMGBNFGNMVLWR/https://security.gentoo.org/glsa/202402-07https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033297https://www.debian.org/security/2023/dsa-5378https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook