PT-2022-5558 · Linux+5 · Linux+5

Oleksandr Tyshchenko

·

Published

2022-06-15

·

Updated

2023-08-14

·

CVE-2022-33744

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux (affected versions not specified) Xen (affected versions not specified)
Description The issue is related to errors in resource release and a potential Denial of Service (DoS) in dom0 caused by Arm guests via PV devices. When mapping pages of guests on Arm, dom0 uses an rbtree to keep track of foreign mappings. However, updating this rbtree is not always done completely with the related lock held, resulting in a small race window. This race window can be exploited by unprivileged guests to cause inconsistencies in the rbtree, leading to crashes or the inability to perform further mappings of other guests' memory pages.
Recommendations For Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Xen, consider restricting access to PV devices for unprivileged guests to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing additional locking mechanisms to prevent inconsistencies in the rbtree.

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALT-PU-2022-2050
ALT-PU-2022-2131
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2023-1684
ALT-PU-2023-1741
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-10108
BDU:2022-06912
CVE-2022-33744
DLA-3131-1
DSA-5191-1
MGASA-2022-0263
MGASA-2022-0264
OESA-2022-1774
USN-5623-1
USN-5624-1
USN-5633-1
USN-5635-1
USN-5640-1
USN-5644-1
USN-5648-1
USN-5655-1
USN-5668-1
USN-5669-1
USN-5669-2
USN-5677-1
USN-5678-1
USN-5679-1
USN-5682-1
USN-5683-1
USN-5684-1
USN-5687-1
USN-5695-1
USN-5706-1

Affected Products

Alt Linux
Astra Linux
Linux
Linuxmint
Ubuntu
Xen