PT-2022-15800 · Xen+1

Dmytro Firsov · Published 2022-01-25 · Updated 2024-06-15 · CVE-2022-23033

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xen (affected versions not specified)

Description

The issue arises because the functions p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN do not clear the pagetable entry if it does not have the valid bit set. This can occur when a guest operating system uses set/way cache maintenance instructions, potentially allowing a guest to retain access to memory pages after they have been reused by Xen. For example, a guest may issue a set/way cache maintenance instruction and then call the XENMEM_decrease_reservation hypercall to return memory pages to Xen, yet still access those pages after Xen has started reusing them.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Resource Release

Related Identifiers

CVE-2022-23033
DSA-5117-1
OPENSUSE-SU-2022:0333-1
OPENSUSE-SU-2022_0333-1
OPENSUSE-SU-2024:11781-1
SUSE-SU-2022:0333-1
SUSE-SU-2022:0467-1
SUSE-SU-2022:0468-1
SUSE-SU-2022:0469-1
SUSE-SU-2022_0333-1
SUSE-SU-2022_0467-1
SUSE-SU-2022_0468-1
SUSE-SU-2022_0469-1

Affected Products

Suse
Xen