CVE-2022-42327
HIGH
Xen - Unintended Memory Sharing Between Guests via xAPIC Page Access
x86: unintended memory sharing between guests
On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.
References (6)
Core References
Patch, Vendor Advisory
http://xenbits.xen.org/xsa/advisory-412.html
Vendor Advisory
https://xenbits.xenproject.org/xsa/advisory-412.txt
Mailing List, Patch, Third Party Advisory mailing-list
http://www.openwall.com/lists/oss-security/2022/11/01/3
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202402-07
Scores
CVSS v3
7.1
EPSS
0.0001
EPSS Percentile
3.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (3)
fedoraproject/fedora
36
fedoraproject/fedora
37
xen/xen
4.16
Published
Nov 01, 2022
Tracked Since
Feb 18, 2026