QwikSec

Security Database

CVE

CWE

Training

CVE-2022-33748

Published: Oct 11, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU.

Vendor	Product	Versions
Xen	xen	unknown `consult Xen advisory XSA-411`

References

https://xenbits.xenproject.org/xsa/advisory-411.txt

http://xenbits.xen.org/xsa/advisory-411.html

[oss-security] 20221011 Xen Security Advisory 411 v3 (CVE-2022-33748) - lock order inversion in transitive grant copy handling

mailing-list

FEDORA-2022-5b594b82ac

vendor-advisory

vendor-advisory

FEDORA-2022-d80cc73088

vendor-advisory

FEDORA-2022-99af00f60e

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.