VDB
CVE-2022-33748
CVE-2022-33748
PUBLISHED
In Xen und Citrix Hypervisor existieren mehrere Schwachstellen. Die Fehler bestehen in der Erschöpfung des Arbeitsspeichers, dem vorübergehenden Blockieren der CPU, einem eingebauten Denial of Service, dem Blockieren von Verbindungen zur XAPI-HTTP-Schnittstelle und der Unterbrechung laufender Operationen. Ein Angreifer aus dem angrenzenden Netzwerk kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand auszulösen.
EPSS 0.04% · 12.0th percentile
Risk Scores
EPSS Score
0.04%
12.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Gentoo Linux | |
| Open Source | Open Source Xen xsa413 | |
| Open Source | Open Source Xen 4.14.x | |
| Open Source | Open Source Xen 4.16.x | |
| Debian | Debian Linux | |
| Open Source | Open Source Xen 4.15.x | |
| Citrix Systems | Citrix Systems Hypervisor 8.2 LTSR CU1 | |
| SUSE | SUSE Linux | |
| Open Source | Open Source Xen 4.13.x |
Timeline
- Oct 11, 2022 CVE Published
- Oct 12, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Feb 21, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 6, 2023 EPSS Score
- May 20, 2023 EPSS Score
- Jul 3, 2023 EPSS Score
- Aug 16, 2023 EPSS Score
- Sep 29, 2023 EPSS Score
- Nov 12, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1680.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1680 advisory
- https://xenbits.xen.org/xsa/advisory-409.html advisory
- https://xenbits.xen.org/xsa/advisory-410.html advisory
- https://xenbits.xen.org/xsa/advisory-411.html advisory
- https://xenbits.xen.org/xsa/advisory-413.html advisory
- https://support.citrix.com/article/CTX465146/citrix-hypervisor-security-bulletin-for-cve202233748-cve202233749 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-October/012580.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-October/012670.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-October/012667.html advisory
- https://lists.debian.org/debian-security-announce/2022/msg00242.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012859.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012866.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012906.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012910.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012939.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012964.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/013122.html advisory
- https://oss.oracle.com/pipermail/oraclevm-errata/2022-December/001065.html advisory
- https://security.gentoo.org/glsa/202402-07 advisory