[XSA-406] Arm guests can cause Dom0 DoS via PV devices
ISSUE DESCRIPTION
When mapping pages of guests on Arm, dom0 is using an rbtree to keep
track of the foreign mappings.
Updating of that rbtree is not always done completely with the related
lock held, resulting in a small race window, which can be used by
unprivileged guests via PV devices to cause inconsistencies of the
rbtree. These inconsistencies can lead to Denial of Service (DoS) of
dom0, e.g. by causing crashes or the inability to perform further
mappings of other guests' memory pages.
IMPACT
A guest performing multiple I/Os of PV devices in parallel can cause
DoS of dom0 and thus of the complete host.
VULNERABLE SYSTEMS
Only Arm systems (32-bit and 64-bit) are vulnerable. Dom0 Linux versions
3.13 - 5.18 are vulnerable.
X86 systems are not vulnerable.
Package | Affected Version |
---|---|
pkg:generic/xen | = 3.13 |
pkg:generic/xen | = 5.19-rc |
- ID
- XSA-406
- Severity
- medium
- Severity from
- CVE-2022-33744
- URL
- http://xenbits.xen.org/xsa/advisory-406.html
- Published
-
2022-07-05T10:44:00
(2 years ago) - Modified
-
2022-07-05T10:44:00
(2 years ago) - Rights
- Xen Project
- Other Advisories
-
- ALAS-2022-1624
- ALAS2-2022-1825
- ALPINE:CVE-2022-33744
- DSA-5191-1
- MS:CVE-2022-33744
- SSA:2022-237-02
- USN-5623-1
- USN-5624-1
- USN-5633-1
- USN-5635-1
- USN-5640-1
- USN-5644-1
- USN-5648-1
- USN-5655-1
- USN-5668-1
- USN-5669-1
- USN-5669-2
- USN-5677-1
- USN-5678-1
- USN-5679-1
- USN-5682-1
- USN-5683-1
- USN-5684-1
- USN-5687-1
- USN-5695-1
- USN-5706-1
Source | # ID | Name | URL |
---|---|---|---|
Xen Project | XSA-406 | Security Advisory | http://xenbits.xen.org/xsa/advisory-406.html |
Xen Project | XSA-406 | Signed Security Advisory | http://xenbits.xen.org/xsa/advisory-406.txt |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:generic/xen | xen | = 3.13 | ||||
Affected | pkg:generic/xen | xen | = 5.19-rc |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |