Home

CVE-2022-23033

Description

arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesnt have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.092

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-debugsource-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-doc-html-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-libs-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-libs-32bit-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-libs-debuginfo-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-libs-debuginfo-32bit-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-tools-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-tools-debuginfo-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-tools-domU-4.12.4_18-3.58.2.x86_64.rpmLinux
SUSE-SU-2022:0469-1(SUSE Linux Enterprise Server 12-SP5 ) xen-tools-domU-debuginfo-4.12.4_18-3.58.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234