CVE-2022-23033
arm: guest_physmap_remove_page not removing the p2m mappings

The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.
EPSS 0.09% · 26.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| debian | debian_linux | 11.0 |
| xen | xen | 4.12.0 |
| Xen | xen | consult Xen advisory XSA-393 |
| fedoraproject | fedora | 34 |
Timeline
- Jan 25, 2022 CVE Published
- Feb 8, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Sep 7, 2022 EPSS Score
- Oct 29, 2022 EPSS Score
- Dec 21, 2022 EPSS Score
- Feb 11, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 5, 2023 EPSS Score
- May 27, 2023 EPSS Score
References
- https://xenbits.xenproject.org/xsa/advisory-393.txt (url)
- [oss-security] 20220125 Xen Security Advisory 393 v2 (CVE-2022-23033) - arm: guest_physmap_remove_page not removing the p2m mappings (mailing-list)
- FEDORA-2022-0cc3916e08 (vendor-advisory)
- DSA-5117 (vendor-advisory)
- GLSA-202208-23 (vendor-advisory)
- https://xenbits.xen.org/xsa/advisory-393.html (advisory)
- https://xenbits.xen.org/xsa/advisory-394.html (advisory)
- https://xenbits.xen.org/xsa/advisory-395.html (advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2022-23033 (advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OMR6UBGJW6JKND7IILGQ2CU35EQPF3E3 (url)