
Dmytro Firsov

#32767 of 53,635
7.8 Total CVSS
Vulnerabilities · 1
PT-2022-15800
7.8
2022-01-25
Xen · Xen · CVE-2022-23033
**Name of the Vulnerable Software and Affected Versions**

Xen (affected versions not specified)

**Description**

The issue arises from the functions `p2m_remove_mapping`, `guest_physmap_remove_page`, and `p2m_set_entry` with `mfn` set to `INVALID_MFN` not clearing the pagetable entry if it doesn't have the valid bit set. This can occur when a guest operating system uses set/way cache maintenance instructions, potentially allowing a guest to retain access to memory pages after they have been reused by Xen. For example, a guest may issue a set/way cache maintenance instruction and then call the `XENMEM_decrease_reservation` hypercall to return memory pages to Xen, yet still access those pages after Xen has started reusing them.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.