CVE-2022-33746 — MEDIUM (6.5)

Q: How severe is CVE-2022-33746?

CVE-2022-33746 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-33746?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora, Debian Debian Linux.

Vulnerability Description

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xen	Xen	>= 4.13.0, <= 4.16.1
Fedoraproject	Fedora	35
Debian	Debian Linux	11.0

Related Weaknesses (CWE)

CWE-404

References

http://www.openwall.com/lists/oss-security/2022/10/11/3Mailing ListMitigationPatch
http://xenbits.xen.org/xsa/advisory-410.htmlMitigationPatchVendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-410.txtMitigationPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2022/10/11/3Mailing ListMitigationPatch
http://xenbits.xen.org/xsa/advisory-410.htmlMitigationPatchVendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272Third Party Advisory

FAQ

What is CVE-2022-33746?

CVE-2022-33746 is a vulnerability with a CVSS score of 6.5 (MEDIUM). P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable with...

How severe is CVE-2022-33746?

CVE-2022-33746 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-33746?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora, Debian Debian Linux.