DEBIAN-CVE-2022-33747

DEBIAN-CVE-2022-33747 PUBLISHED CVSS 3.799999952316284 LOW

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.

Risk Scores

CVSS 3.1

3.799999952316284

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Debian:12	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:13	xen	0, 0, 0
Debian:11	xen	0, 4.14.2+25-gb6a8c4f72d-2, 4.14.3+32-g9de3671772-1

Timeline

Oct 11, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2022-33747 advisory

Open in Interactive Console →