x86/HVM Cache Attribute Mismanagement in Xen Products
CVE-2022-42334
6.5 MEDIUM
What is CVE-2022-42334?
The vulnerability in the Xen Hypervisor arises from improper handling of pinned cache attributes for HVM guests with passed-through devices. An exposed interface intended to control cachability settings can be exploited by entities with limited privileges, such as qemu in Dom0 or in a stub-domain. This leads to unbounded control over cache regions and inadequate serialization during their installation and removal, which may compromise the integrity and security of virtualized environments.
Affected Version(s)
xen: consult Xen advisory XSA-428
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Aspects of this issue were discovered by Andrew Cooper of XenServer and Jan Beulich of SUSE.