Vulnerability Description
x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | 4.17.0 |
| Fedoraproject | Fedora | 38 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/04/25/1Mailing ListThird Party Advisory
- http://xenbits.xen.org/xsa/advisory-430.htmlPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202402-07
- https://xenbits.xenproject.org/xsa/advisory-430.txtPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2023/04/25/1Mailing ListThird Party Advisory
- http://xenbits.xen.org/xsa/advisory-430.htmlPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202402-07
- https://xenbits.xenproject.org/xsa/advisory-430.txtPatchVendor Advisory
FAQ
What is CVE-2022-42335?
CVE-2022-42335 is a vulnerability with a CVSS score of 7.8 (HIGH). x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called...
How severe is CVE-2022-42335?
CVE-2022-42335 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42335?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Fedoraproject Fedora.