Memory Access Vulnerability in Arm Architecture for Xen Hypervisor
CVE-2022-23033

7.8HIGH

Key Information:

Vendor: Xen Project
Status: Xen
Vendor: CVE Published:; 25 January 2022

What is CVE-2022-23033?

This vulnerability allows an attacker with access to a guest operating system running on an Arm architecture to exploit flaws in the p2m pagetable handling within the Xen Hypervisor. Due to improper clearing of pagetable entries, particularly when the valid bit is not set, an attacker can retain access to memory pages even after they are supposed to be freed and reused by Xen for different purposes. By leveraging this flaw, a guest OS may inadvertently retain access to previously allocated memory, potentially leading to unauthorized data access and compromise of both security and stability within the virtualized environment.

Affected Version(s)

xen consult Xen advisory XSA-393

References

https://xenbits.xenproject.org/xsa/advisory-393.txt

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2022/01/25/2

mailing-listx_refsource_MLIST

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jan 10, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Dmytro Firsov of EPAM.'}]}}}

Xen Project

What is CVE-2022-23033?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit