[Pkg-xen-devel] Bug#1021668: xen: CVE-2022-33749 CVE-2022-33748 CVE-2022-33747 CVE-2022-33746

Moritz Mühlenhoff jmm at inutil.org
Wed Oct 12 18:38:17 BST 2022


Source: xen
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for xen.

CVE-2022-33749[0]:
| XAPI open file limit DoS
|
| It is possible for an unauthenticated client on the network to cause
| XAPI to hit its file-descriptor limit. This causes XAPI to be unable to
| accept new requests for other (trusted) clients, and blocks XAPI from
| carrying out any tasks that require the opening of file descriptors.

https://xenbits.xen.org/xsa/advisory-413.html

CVE-2022-33748[1]:
| lock order inversion in transitive grant copy handling
|
| As part of XSA-226 a missing cleanup call was inserted on an error
| handling path. While doing so, locking requirements were not paid
| attention to. As a result two cooperating guests granting each other
| transitive grants can cause locks to be acquired nested within one
| another, but in respectively opposite order. With suitable timing
| between the involved grant copy operations this may result in the
| locking up of a CPU.

https://xenbits.xen.org/xsa/advisory-411.html

CVE-2022-33747[2]:
| Arm: unbounded memory consumption for 2nd-level page tables
|
| Certain actions require e.g. removing pages from a guest's P2M
| (Physical-to-Machine) mapping. When large pages are in use to map guest
| pages in the 2nd-stage page tables, such a removal operation may incur
| a memory allocation (to replace a large mapping with individual smaller
| ones). These memory allocations are taken from the global memory pool.
| A malicious guest might be able to cause the global memory pool to be
| exhausted by manipulating its own P2M mappings.

https://xenbits.xen.org/xsa/advisory-409.html

CVE-2022-33746[3]:
| P2M pool freeing may take excessively long
|
| The P2M pool backing second level address translation for guests may be
| of significant size. Therefore its freeing may take more time than is
| reasonable without intermediate preemption checks. Such checking for
| the need to preempt was so far missing.

https://xenbits.xen.org/xsa/advisory-410.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33749
    https://www.cve.org/CVERecord?id=CVE-2022-33749
[1] https://security-tracker.debian.org/tracker/CVE-2022-33748
    https://www.cve.org/CVERecord?id=CVE-2022-33748
[2] https://security-tracker.debian.org/tracker/CVE-2022-33747
    https://www.cve.org/CVERecord?id=CVE-2022-33747
[3] https://security-tracker.debian.org/tracker/CVE-2022-33746
    https://www.cve.org/CVERecord?id=CVE-2022-33746

Please adjust the affected versions in the BTS as needed.
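The "nested within one another, but in respectively opposite order" pattern behind CVE-2022-33748 is the classic ABBA lock inversion. The following is an added example, not part of this bug report and not Xen code: it models the two guests' grant-table locks as small integers, runs the two copy paths with a lockdep-style ordering checker, and shows the same paths under a canonical lock order. The lock names, the `run_scenario` entry point and the lower-id-first remedy are assumptions of the example; the remedy is the textbook fix for this bug class, not a description of the actual XSA-411 patch.

```c
/*
 * ABBA lock-order checker illustrating CVE-2022-33748 / XSA-411.
 * Added example, not Xen code: the "guests" are plain C functions, the
 * per-domain grant-table locks are integers, and the "copy" only takes
 * and drops locks. ordering[a][b] records "a was held while b was taken";
 * an acquisition that would close a cycle in that graph is the inversion
 * which, with the right timing, deadlocks a CPU.
 */
#include <stdio.h>
#include <string.h>

#define MAX_LOCKS 8

static int ordering[MAX_LOCKS][MAX_LOCKS];

struct thread {
    int held[MAX_LOCKS];
    int nheld;
};

static void reset_ordering(void)
{
    memset(ordering, 0, sizeof ordering);
}

/* Is there a recorded chain from -> ... -> to in the ordering graph? */
static int reaches(int from, int to, int *visited)
{
    if (from == to)
        return 1;
    visited[from] = 1;
    for (int n = 0; n < MAX_LOCKS; n++)
        if (ordering[from][n] && !visited[n] && reaches(n, to, visited))
            return 1;
    return 0;
}

/* Take `lock`; return 1 if `lock` is already known to precede a held lock. */
static int acquire(struct thread *t, int lock)
{
    int inverted = 0;

    for (int i = 0; i < t->nheld; i++) {
        int h = t->held[i];
        int visited[MAX_LOCKS] = {0};

        if (reaches(lock, h, visited))
            inverted = 1;
        ordering[h][lock] = 1;      /* record h-before-lock either way */
    }
    t->held[t->nheld++] = lock;
    return inverted;
}

static void release(struct thread *t, int lock)
{
    for (int i = 0; i < t->nheld; i++)
        if (t->held[i] == lock) {
            t->held[i] = t->held[--t->nheld];   /* order of held[] is irrelevant */
            return;
        }
}

/* Vulnerable pattern: each guest takes its own lock, then the peer's. */
static int grant_copy_unordered(struct thread *t, int self_lock, int peer_lock)
{
    int bad = acquire(t, self_lock);
    bad |= acquire(t, peer_lock);
    release(t, peer_lock);
    release(t, self_lock);
    return bad;
}

/* Remedy (assumed here, not the XSA-411 patch): canonical lower-id-first order. */
static int grant_copy_ordered(struct thread *t, int self_lock, int peer_lock)
{
    int first  = self_lock < peer_lock ? self_lock : peer_lock;
    int second = self_lock < peer_lock ? peer_lock : self_lock;
    int bad = acquire(t, first);
    bad |= acquire(t, second);
    release(t, second);
    release(t, first);
    return bad;
}

enum { LOCK_DOM_A = 0, LOCK_DOM_B = 1 };

/* Two cooperating guests each copy into the other. Returns 1 on inversion.
 * Running the paths sequentially is enough to record both orders; on real
 * hardware they run concurrently and the inversion can deadlock. */
int run_scenario(int ordered)
{
    struct thread guest_a = { {0}, 0 }, guest_b = { {0}, 0 };
    int bad = 0;

    reset_ordering();
    if (ordered) {
        bad |= grant_copy_ordered(&guest_a, LOCK_DOM_A, LOCK_DOM_B);
        bad |= grant_copy_ordered(&guest_b, LOCK_DOM_B, LOCK_DOM_A);
    } else {
        bad |= grant_copy_unordered(&guest_a, LOCK_DOM_A, LOCK_DOM_B);
        bad |= grant_copy_unordered(&guest_b, LOCK_DOM_B, LOCK_DOM_A);
    }
    return bad;
}

int main(void)
{
    printf("own-then-peer order: %s\n", run_scenario(0) ? "INVERSION" : "ok");
    printf("canonical order:     %s\n", run_scenario(1) ? "INVERSION" : "ok");
    return 0;
}
```

The checker only needs to see each path once to flag the problem, which is the practical point: a deadlock that depends on timing is rare in testing, but the inconsistent ordering that enables it is visible on every run, so an ordering assertion (or a real lock validator) catches the bug class without waiting for the race.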
