UBUNTU-CVE-2022-23033

Source
https://ubuntu.com/security/CVE-2022-23033
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23033.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-23033
Related
Published
2022-01-25T14:15:00Z
Modified
2024-10-15T14:09:46Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

arm: guestphysmapremovepage not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2mremovemapping, guestphysmapremovepage, and p2msetentry with mfn set to INVALIDMFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEMdecrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.

References

Affected packages

Ubuntu:Pro:16.04:LTS / xen

Package

Name
xen
Purl
pkg:deb/ubuntu/xen?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-0ubuntu1
4.5.1-0ubuntu2
4.6.0-1ubuntu1
4.6.0-1ubuntu2
4.6.0-1ubuntu4
4.6.0-1ubuntu4.1
4.6.0-1ubuntu4.2
4.6.0-1ubuntu4.3
4.6.5-0ubuntu1
4.6.5-0ubuntu1.1
4.6.5-0ubuntu1.2
4.6.5-0ubuntu1.4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / xen

Package

Name
xen
Purl
pkg:deb/ubuntu/xen?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.0-0ubuntu3
4.9.0-0ubuntu4
4.9.2-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / xen

Package

Name
xen
Purl
pkg:deb/ubuntu/xen?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.9.2-0ubuntu2
4.9.2-0ubuntu6
4.9.2-0ubuntu7
4.11.3+24-g14b62ab3e5-1ubuntu1
4.11.3+24-g14b62ab3e5-1ubuntu2
4.11.3+24-g14b62ab3e5-1ubuntu2.2
4.11.3+24-g14b62ab3e5-1ubuntu2.3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / xen

Package

Name
xen
Purl
pkg:deb/ubuntu/xen?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.11.4+24-gddaaccbbab-1ubuntu2
4.16.0-1~ubuntu2
4.16.0-1~ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / xen

Package

Name
xen
Purl
pkg:deb/ubuntu/xen?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.17.3+10-g091466ba55-1.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / xen

Package

Name
xen
Purl
pkg:deb/ubuntu/xen?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.17.2-1
4.17.2+55-g0b56bed864-1
4.17.2+76-ge1f9cb16e2-1
4.17.2+76-ge1f9cb16e2-1ubuntu1
4.17.3+10-g091466ba55-1
4.17.3+10-g091466ba55-1.1ubuntu2
4.17.3+10-g091466ba55-1.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}