{"api_version":"1","generated_at":"2026-04-23T00:19:56+00:00","cve":"CVE-2022-33743","urls":{"html":"https://cve.report/CVE-2022-33743","api":"https://cve.report/api/cve/CVE-2022-33743.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-33743","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-33743"},"summary":{"title":"CVE-2022-33743","description":"network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.","state":"PUBLIC","assigner":"security@xen.org","published_at":"2022-07-05 13:15:00","updated_at":"2022-11-05 03:06:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2022/07/05/5","name":"[oss-security] 20220705 Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs","refsource":"MLIST","tags":[],"title":"oss-security - Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend\n may cause Linux netfront to use freed SKBs","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://xenbits.xenproject.org/xsa/advisory-405.txt","name":"https://xenbits.xenproject.org/xsa/advisory-405.txt","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2022/dsa-5191","name":"DSA-5191","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5191-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://xenbits.xen.org/xsa/advisory-405.html","name":"http://xenbits.xen.org/xsa/advisory-405.html","refsource":"CONFIRM","tags":[],"title":"XSA-405 - Xen Security Advisories","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-33743","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-33743","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Array","lang":""}],"nvd_cpes":[{"cve_year":"2022","cve_id":"33743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"33743","vulnerable":"1","versionEndIncluding":"5.18","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"33743","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"xen","cpe5":"xen","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-33743","qid":"160583","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-2458)"},{"cve":"CVE-2022-33743","qid":"180900","title":"Debian Security Update for linux (DSA 5191-1)"},{"cve":"CVE-2022-33743","qid":"183403","title":"Debian Security Update for linux (CVE-2022-33743)"},{"cve":"CVE-2022-33743","qid":"198948","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5624-1)"},{"cve":"CVE-2022-33743","qid":"198950","title":"Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5623-1)"},{"cve":"CVE-2022-33743","qid":"198953","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5633-1)"},{"cve":"CVE-2022-33743","qid":"198958","title":"Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5635-1)"},{"cve":"CVE-2022-33743","qid":"198960","title":"Ubuntu Security Notification for Linux kernel (Oracle) Vulnerabilities (USN-5640-1)"},{"cve":"CVE-2022-33743","qid":"198964","title":"Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5644-1)"},{"cve":"CVE-2022-33743","qid":"198967","title":"Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5648-1)"},{"cve":"CVE-2022-33743","qid":"198972","title":"Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5655-1)"},{"cve":"CVE-2022-33743","qid":"198989","title":"Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5683-1)"},{"cve":"CVE-2022-33743","qid":"199073","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5773-1)"},{"cve":"CVE-2022-33743","qid":"199084","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5789-1)"},{"cve":"CVE-2022-33743","qid":"241417","title":"Red Hat Update for kernel security (RHSA-2023:2458)"},{"cve":"CVE-2022-33743","qid":"241468","title":"Red Hat Update for kernel-rt (RHSA-2023:2148)"},{"cve":"CVE-2022-33743","qid":"354016","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-018"},{"cve":"CVE-2022-33743","qid":"354020","title":"Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.15-2022-005"},{"cve":"CVE-2022-33743","qid":"354270","title":"Amazon Linux Security Advisory for kernel : ALAS2022-2022-114"},{"cve":"CVE-2022-33743","qid":"354468","title":"Amazon Linux Security Advisory for kernel : ALAS2022-2022-185"},{"cve":"CVE-2022-33743","qid":"354542","title":"Amazon Linux Security Advisory for kernel : ALAS-2022-185"},{"cve":"CVE-2022-33743","qid":"355199","title":"Amazon Linux Security Advisory for kernel : ALAS2023-2023-070"},{"cve":"CVE-2022-33743","qid":"377117","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0158)"},{"cve":"CVE-2022-33743","qid":"502600","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-33743","qid":"503695","title":"Alpine Linux Security Update for xen"},{"cve":"CVE-2022-33743","qid":"6140354","title":"AWS Bottlerocket Security Update for kernel (GHSA-w8jq-c399-98rh)"},{"cve":"CVE-2022-33743","qid":"752370","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2520-1)"},{"cve":"CVE-2022-33743","qid":"753148","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2615-1)"},{"cve":"CVE-2022-33743","qid":"753491","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) (SUSE-SU-2022:2854-1)"},{"cve":"CVE-2022-33743","qid":"902459","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10122)"},{"cve":"CVE-2022-33743","qid":"902466","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10103)"},{"cve":"CVE-2022-33743","qid":"902518","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10107)"},{"cve":"CVE-2022-33743","qid":"904115","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10107-1)"},{"cve":"CVE-2022-33743","qid":"904196","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10120-1)"},{"cve":"CVE-2022-33743","qid":"906196","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10120-2)"},{"cve":"CVE-2022-33743","qid":"906452","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10107-2)"},{"cve":"CVE-2022-33743","qid":"941023","title":"AlmaLinux Security Update for kernel (ALSA-2023:2458)"},{"cve":"CVE-2022-33743","qid":"941061","title":"AlmaLinux Security Update for kernel-rt (ALSA-2023:2148)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@xen.org","ID":"CVE-2022-33743","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Linux","version":{"version_data":[{"version_affected":"?","version_value":"consult Xen advisory XSA-405"}]}}]},"vendor_name":"Linux"}]}},"configuration":{"configuration_data":{"description":{"description_data":[{"lang":"eng","value":"Linux versions 5.9 - 5.18 are vulnerable.  Linux versions 5.8 and\nearlier are not vulnerable.\n\nThis vulnerability only increases the capability of an attacker in systems\nwith less than fully privileged network backends (e.g. network driver\ndomains).  For systems where netback runs in dom0 (the default\nconfiguration), this vulnerability does not increase the capabilities of\nan attacker."}]}}},"credit":{"credit_data":{"description":{"description_data":[{"lang":"eng","value":"This issue was discovered by Jan Beulich of SUSE."}]}}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed."}]},"impact":{"impact_data":{"description":{"description_data":[{"lang":"eng","value":"A misbehaving or malicious backend may cause a Denial of Service (DoS)\nin the guest.  Information leaks or privilege escalation cannot be\nruled out."}]}}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"unknown"}]}]},"references":{"reference_data":[{"url":"https://xenbits.xenproject.org/xsa/advisory-405.txt","refsource":"MISC","name":"https://xenbits.xenproject.org/xsa/advisory-405.txt"},{"refsource":"CONFIRM","name":"http://xenbits.xen.org/xsa/advisory-405.html","url":"http://xenbits.xen.org/xsa/advisory-405.html"},{"refsource":"MLIST","name":"[oss-security] 20220705 Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs","url":"http://www.openwall.com/lists/oss-security/2022/07/05/5"},{"refsource":"DEBIAN","name":"DSA-5191","url":"https://www.debian.org/security/2022/dsa-5191"}]},"workaround":{"workaround_data":{"description":{"description_data":[{"lang":"eng","value":"There is no mitigation available other than not using PV devices in case\na backend is suspected to be potentially malicious."}]}}}},"nvd":{"publishedDate":"2022-07-05 13:15:00","lastModifiedDate":"2022-11-05 03:06:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.9","versionEndIncluding":"5.18","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}