x86/HVM Cache Attribute Mismanagement in Xen Products
CVE-2022-42334

6.5MEDIUM

Key Information:

Vendor: Xen Project
Status: Xen Project
Vendor: CVE Published:; 21 March 2023

🔔 Create Xen Project Vulnerability Alert

What is CVE-2022-42334?

The vulnerability in the Xen Hypervisor arises from improper handling of pinned cache attributes for HVM guests with passed-through devices. An exposed interface intended to control cachability settings can be exploited by entities with limited privileges, such as qemu in Dom0 or in a stub-domain. This leads to unbounded control over cache regions and inadequate serialization during their installation and removal, which may compromise the integrity and security of virtualized environments.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

xen consult Xen advisory XSA-428

References

https://xenbits.xenproject.org/xsa/advisory-428.txt

http://xenbits.xen.org/xsa/advisory-428.html

http://www.openwall.com/lists/oss-security/2023/03/21/2

mailing-list

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 21, 2023
Vulnerability Reserved
Oct 3, 2022

Credit

{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'Aspects of this issue were discovered by Andrew Cooper of XenServer and\nJan Beulich of SUSE.'}]}}}

JSON

Xen Project

What is CVE-2022-42334?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.