CVE-2022-33746
MEDIUMXen 4.13.0-4.16.0 - Denial of Service via P2M Pool Freeing
Title source: llmDescription
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.
References (8)
Core 8
Core References
Mailing List, Mitigation, Patch, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/10/11/3
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5272
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-07
Mitigation, Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-410.html
Mitigation, Patch, Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-410.txt
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
11.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-404
Status
published
Products (5)
debian/debian_linux
11.0
fedoraproject/fedora
35
fedoraproject/fedora
36
fedoraproject/fedora
37
xen/xen
4.13.0 - 4.16.1
Published
Oct 11, 2022
Tracked Since
Feb 18, 2026