Unintended Memory Sharing Vulnerability in Intel x86 Systems Affecting Xen Hypervisor
CVE-2022-42327

7.1HIGH

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 1 November 2022

What is CVE-2022-42327?

This vulnerability involves unintended memory sharing between virtualized guests on Intel systems that have the 'virtualize APIC accesses' feature enabled. Specifically, a guest can exploit the situation to read from and write to the globally shared xAPIC page by switching the local APIC out of xAPIC mode. This improper isolation poses significant security risks, as it allows one guest to access sensitive data belonging to another guest, undermining the integrity expected in such isolated environments.

Affected Version(s)

xen consult Xen advisory XSA-412

References

https://xenbits.xenproject.org/xsa/advisory-412.txt

http://xenbits.xen.org/xsa/advisory-412.html

http://www.openwall.com/lists/oss-security/2022/11/01/3

mailing-list

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2022
Vulnerability Reserved
Oct 3, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Andrew Cooper of Citrix.'}]}}}

Xen Project

What is CVE-2022-42327?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit