nvd-json-data-feeds/CVE-2022/CVE-2022-337xx/CVE-2022-33745.json

{
  "id": "CVE-2022-33745",
  "sourceIdentifier": "security@xen.org",
  "published": "2022-07-26T13:15:10.003",
  "lastModified": "2023-11-07T03:48:22.143",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary."
    },
    {
      "lang": "es",
      "value": "Un vaciado insuficiente del TLB para hu\u00e9spedes x86 PV en modo de sombra Para la migraci\u00f3n, as\u00ed como para trabajar en torno a los kernels que no son conscientes de L1TF (v\u00e9ase XSA-273), los hu\u00e9spedes PV pueden ejecutarse en modo de paginaci\u00f3n de sombra. Para abordar XSA-401, el c\u00f3digo fue movido dentro de una funci\u00f3n en Xen. Este movimiento de c\u00f3digo pas\u00f3 por alto una variable que cambiaba de significado/valor entre las posiciones de c\u00f3digo antiguas y nuevas. El uso ahora err\u00f3neo de la variable conllevaba a una condici\u00f3n err\u00f3nea de vaciado de la TLB, omitiendo el vaciado cuando era necesario."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*",
              "matchCriteriaId": "EF4E17C2-244F-4E5A-A5F8-4626CD1AC11A"
            }
          ]
        }
      ]
    },
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.openwall.com/lists/oss-security/2022/07/26/2",
      "source": "security@xen.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2022/07/26/3",
      "source": "security@xen.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://xenbits.xen.org/xsa/advisory-408.html",
      "source": "security@xen.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HUFIMNGYP5VQAA6KE3T2I5GW6UP6F7BS/",
      "source": "security@xen.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYI3OMJ7RIZNL3C6GUWNANNPEUUID6FM/",
      "source": "security@xen.org"
    },
    {
      "url": "https://www.debian.org/security/2022/dsa-5272",
      "source": "security@xen.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://xenbits.xenproject.org/xsa/advisory-408.txt",
      "source": "security@xen.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}