QwikSec

Security Database

CVE

CWE

Training

CVE-2022-33747

Published: Oct 11, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.

Vendor	Product	Versions
Xen	xen	unknown `consult Xen advisory XSA-409`

References

https://xenbits.xenproject.org/xsa/advisory-409.txt

http://xenbits.xen.org/xsa/advisory-409.html

[oss-security] 20221011 Xen Security Advisory 409 v3 (CVE-2022-33747) - Arm: unbounded memory consumption for 2nd-level page tables

mailing-list

FEDORA-2022-5b594b82ac

vendor-advisory

vendor-advisory

FEDORA-2022-d80cc73088

vendor-advisory

FEDORA-2022-99af00f60e

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.