VDB

ALPINE-CVE-2022-33745

ALPINE-CVE-2022-33745 PUBLISHED CVSS 8.800000190734863 HIGH

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.13xen4.13.0-r0, 4.7.0-r2, 4.7.0-r1
Alpine:v3.15xen4.15.0-r0, 4.14.1-r4, 4.14.1-r3
Alpine:v3.14xen4.2.0-r4, 0, 4.9.1-r3
Alpine:v3.22xen0, 4.0.1-r0, 4.0.1-r1
Alpine:v3.21xen4.16.1-r4, 0, 4.0.1-r0
Alpine:v3.24xen0
Alpine:v3.19xen0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.18xen4.9.0-r6, 4.9.0-r5, 4.9.0-r4
Alpine:v3.20xen4.8.1-r3, 4.2.2-r4, 4.2.2-r3
Alpine:v3.23xen4.9.1-r1, 4.2.2-r6, 4.2.2-r7
Alpine:v3.17xen4.2.1-r9, 4.2.1-r8, 4.2.1-r7

Timeline

  • Jul 26, 2022 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›