CVE-2022-33744 — MEDIUM (4.7)

Q: How severe is CVE-2022-33744?

CVE-2022-33744 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-33744?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.

Vulnerability Description

Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.13, <= 5.18
Debian	Debian Linux	10.0

References

http://www.openwall.com/lists/oss-security/2022/07/05/4Mailing ListPatchThird Party Advisory
http://xenbits.xen.org/xsa/advisory-406.htmlPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2022/dsa-5191Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-406.txtVendor Advisory
http://www.openwall.com/lists/oss-security/2022/07/05/4Mailing ListPatchThird Party Advisory
http://xenbits.xen.org/xsa/advisory-406.htmlPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2022/dsa-5191Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-406.txtVendor Advisory

FAQ

What is CVE-2022-33744?

CVE-2022-33744 is a vulnerability with a CVSS score of 4.7 (MEDIUM). Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely w...

How severe is CVE-2022-33744?

CVE-2022-33744 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-33744?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.