CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-42326 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-42326
01 Nov 2022 — Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updatin... • http://www.openwall.com/lists/oss-security/2022/11/01/11 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42327 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-42327
01 Nov 2022 — x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. x86: intercambio de memoria no deseado entre invitados En los sistemas Intel que admiten la función "virtualizar accesos APIC", un invitado puede leer y escribir la página xAPIC compartida global sac... • http://www.openwall.com/lists/oss-security/2022/11/01/3 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33746 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33746
11 Oct 2022 — P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing. La liberación del pool P2M puede tardar demasiado El pool P2M que respalda la traducción de direcciones de segundo nivel para huéspedes puede tener un tamaño considerable. Por lo tanto, su liberación puede tomar más ti... • http://www.openwall.com/lists/oss-security/2022/10/11/3 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 3.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33747 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33747
11 Oct 2022 — Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own... • http://www.openwall.com/lists/oss-security/2022/10/11/5 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-33748 – Gentoo Linux Security Advisory 202402-07
https://notcve.org/view.php?id=CVE-2022-33748
11 Oct 2022 — lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be acquired nested within one another, but in respectively opposite order. With suitable timing between the involved grant copy operations this may result in the locking up of a CPU. Inversión del orden de bloqueo en e... • http://www.openwall.com/lists/oss-security/2022/10/11/2 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33745 – Debian Security Advisory 5272-1
https://notcve.org/view.php?id=CVE-2022-33745
26 Jul 2022 — insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. Un vaciado insuficiente del TLB para huéspedes x86 PV en... • http://www.openwall.com/lists/oss-security/2022/07/26/2 •
CVSS: 6.5EPSS: 1%CPEs: 250EXPL: 0CVE-2022-29900 – hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions
https://notcve.org/view.php?id=CVE-2022-29900
12 Jul 2022 — Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. Las predicciones de bifurcación mal entrenadas para las instrucciones de retorno pueden permitir la ejecución arbitraria de código especulativo bajo ciertas condiciones dependientes de la microarquitectura A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchi... • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •
CVSS: 6.5EPSS: 0%CPEs: 288EXPL: 0CVE-2022-29901 – Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)
https://notcve.org/view.php?id=CVE-2022-29901
12 Jul 2022 — Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. Las generaciones de microprocesadores Intel 6 a 8 están afectadas por una nueva variante de Spectre que es capaz de omitir su mitigación de retpoline en el kernel para fil... • http://www.openwall.com/lists/oss-security/2022/07/12/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33742 – Ubuntu Security Notice USN-5668-1
https://notcve.org/view.php?id=CVE-2022-33742
05 Jul 2022 — Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backe... • http://www.openwall.com/lists/oss-security/2022/07/05/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 22EXPL: 0CVE-2022-33741 – Ubuntu Security Notice USN-5572-1
https://notcve.org/view.php?id=CVE-2022-33741
05 Jul 2022 — Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backe... • http://www.openwall.com/lists/oss-security/2022/07/05/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •