{ "CVE_data_meta": { "ASSIGNER": "security@xen.org", "ID": "CVE-2022-33742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux", "version": { "version_data": [ { "version_affected": "?", "version_value": "consult Xen advisory XSA-403" } ] } } ] }, "vendor_name": "Linux" }, { "product": { "product_data": [ { "product_name": "xen", "version": { "version_data": [ { "version_affected": "?", "version_value": "consult Xen advisory XSA-403" } ] } } ] }, "vendor_name": "Xen" } ] } }, "configuration": { "configuration_data": { "description": { "description_data": [ { "lang": "eng", "value": "All Linux guests using PV devices are vulnerable in case potentially\nmalicious PV device backends are being used." } ] } } }, "credit": { "credit_data": { "description": { "description_data": [ { "lang": "eng", "value": "The issue related to not zeroing memory areas used for shared communications\nwas discovered by Roger Pau Monn\u00e9 of Citrix.\n\nThe issue related to leaking contiguous data in granted pages was disclosed\npublicly." } ] } } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742)." } ] }, "impact": { "impact_data": { "description": { "description_data": [ { "lang": "eng", "value": "An untrusted backend can access data not intended to be shared. If such\nmappings are made with write permissions the backend could also cause\nmalfunctions and/or crashes to consumers of contiguous data in the shared\npages." } ] } } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "unknown" } ] } ] }, "references": { "reference_data": [ { "url": "https://xenbits.xenproject.org/xsa/advisory-403.txt", "refsource": "MISC", "name": "https://xenbits.xenproject.org/xsa/advisory-403.txt" }, { "refsource": "CONFIRM", "name": "http://xenbits.xen.org/xsa/advisory-403.html", "url": "http://xenbits.xen.org/xsa/advisory-403.html" }, { "refsource": "MLIST", "name": "[oss-security] 20220705 Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks", "url": "http://www.openwall.com/lists/oss-security/2022/07/05/6" }, { "refsource": "FEDORA", "name": "FEDORA-2022-c4ec706488", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/" }, { "refsource": "FEDORA", "name": "FEDORA-2022-2c9f8224f8", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/" }, { "refsource": "DEBIAN", "name": "DSA-5191", "url": "https://www.debian.org/security/2022/dsa-5191" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html" } ] }, "workaround": { "workaround_data": { "description": { "description_data": [ { "lang": "eng", "value": "There is no mitigation available other than not using PV devices in case\na backend is suspected to be potentially malicious." } ] } } } }