Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-33745

UNKNOWN
Published 2022-07-26T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-33745. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Xen

xen

Affected Versions:

consult Xen advisory XSA-408

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-f5vc-gmmj-gpp6

Advisory Details

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-33745
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS
WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM
WEB https://www.debian.org/security/2022/dsa-5272
WEB https://xenbits.xenproject.org/xsa/advisory-408.txt
WEB http://www.openwall.com/lists/oss-security/2022/07/26/2
WEB http://www.openwall.com/lists/oss-security/2022/07/26/3
WEB http://xenbits.xen.org/xsa/advisory-408.html

Advisory provided by GitHub Security Advisory Database. Published: July 27, 2022, Modified: August 3, 2022

References

https://xenbits.xenproject.org/xsa/advisory-408.txt
http://xenbits.xen.org/xsa/advisory-408.html
http://www.openwall.com/lists/oss-security/2022/07/26/2
http://www.openwall.com/lists/oss-security/2022/07/26/3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/
https://www.debian.org/security/2022/dsa-5272
Published: 2022-07-26T00:00:00
Last Modified: 2024-08-03T08:09:22.681Z
Copied to clipboard!