Vulnerability Description
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | >= 4.12.0 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 11.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/01/25/2Mailing ListPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202208-23Third Party Advisory
- https://www.debian.org/security/2022/dsa-5117Third Party Advisory
- https://xenbits.xenproject.org/xsa/advisory-393.txtVendor Advisory
- http://www.openwall.com/lists/oss-security/2022/01/25/2Mailing ListPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202208-23Third Party Advisory
- https://www.debian.org/security/2022/dsa-5117Third Party Advisory
- https://xenbits.xenproject.org/xsa/advisory-393.txtVendor Advisory
FAQ
What is CVE-2022-23033?
CVE-2022-23033 is a vulnerability with a CVSS score of 7.8 (HIGH). arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_e...
How severe is CVE-2022-23033?
CVE-2022-23033 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23033?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora, Debian Debian Linux.