CVE-2022-42332

Summary

CVE	CVE-2022-42332
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-03-21 13:15:00 UTC
Updated	2024-02-04 08:15:00 UTC
Description	x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated.

Risk And Classification

Problem Types: CWE-416

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All
Operating System	Xen	Xen	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 37 Update: xen-4.16.3-4.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 38 Update: xen-4.17.0-8.fc38 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
oss-security - Xen Security Advisory 427 v2 (CVE-2022-42332) - x86 shadow plus log-dirty mode use-after-free	MLIST	www.openwall.com
Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security		security.gentoo.org
[SECURITY] Fedora 38 Update: xen-4.17.0-8.fc38 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: xen-4.16.3-4.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
xenbits.xenproject.org/xsa/advisory-427.txt	MISC	xenbits.xenproject.org
XSA-427 - Xen Security Advisories	CONFIRM	xenbits.xen.org
Debian -- Security Information -- DSA-5378-1 xen	DEBIAN	www.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181654 Debian Security Update for xen (DSA 5378-1)
182141 Debian Security Update for xen (CVE-2022-42332)
283819 Fedora Security Update for xen (FEDORA-2023-da8315e641)
283862 Fedora Security Update for xen (FEDORA-2023-04b5338dd0)
284230 Fedora Security Update for xen (FEDORA-2023-703f133eb3)
502992 Alpine Linux Security Update for xen
503145 Alpine Linux Security Update for xen
505966 Alpine Linux Security Update for xen
710858 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)
753820 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2023:0845-1)
753822 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2023:0858-1)
753825 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2023:0847-1)
753827 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2023:0862-1)
753833 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2023:0859-1)