Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
04 Feb 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:48
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-404 |
09 Dec 2022, 18:52
Type | Values Removed | Values Added |
---|---|---|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5272 - Third Party Advisory | |
First Time |
Debian
Debian debian Linux Fedoraproject Fedoraproject fedora |
|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
17 Nov 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Oct 2022, 23:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Oct 2022, 16:09
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/10/11/5 - Mailing List, Patch, Third Party Advisory | |
References | (CONFIRM) http://xenbits.xen.org/xsa/advisory-409.html - Patch, Vendor Advisory | |
References | (MISC) https://xenbits.xenproject.org/xsa/advisory-409.txt - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.8 |
CWE | CWE-400 | |
First Time |
Xen
Xen xen |
|
CPE | cpe:2.3:o:xen:xen:*:*:*:*:*:*:arm:* |
11 Oct 2022, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Oct 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-11 13:15
Updated : 2024-02-04 08:15
NVD link : CVE-2022-33747
Mitre link : CVE-2022-33747
CVE.ORG link : CVE-2022-33747
JSON object : View
Products Affected
debian
- debian_linux
xen
- xen
fedoraproject
- fedora
CWE
CWE-404
Improper Resource Shutdown or Release