Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-26365)
Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information (guest kernel memory). (CVE-2022-33740)
It was discovered that the Xen paravirtualization frontend in the Linux kernel incorrectly shared unrelated data when communicating with certain backends. A local attacker could use this to cause a denial of service (guest crash) or expose sensitive information (guest kernel memory). (CVE-2022-33741)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "binary_name": "linux-aws-cloud-tools-4.4.0-1112", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-aws-headers-4.4.0-1112", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-aws-tools-4.4.0-1112", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-buildinfo-4.4.0-1112-aws", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-cloud-tools-4.4.0-1112-aws", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-headers-4.4.0-1112-aws", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-image-4.4.0-1112-aws", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-modules-4.4.0-1112-aws", "binary_version": "4.4.0-1112.118" }, { "binary_name": "linux-tools-4.4.0-1112-aws", "binary_version": "4.4.0-1112.118" } ] }
{ "cves": [ { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2022-26365" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2022-33740" }, { "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "type": "CVSS_V3" }, { "score": "medium", "type": "Ubuntu" } ], "id": "CVE-2022-33741" } ], "ecosystem": "Ubuntu:Pro:14.04:LTS" }