CVE-2022-33746
First published: Tue Oct 11 2022(Updated: )
P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.
Credit: security@xen.org security@xen.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/xen | <=4.11.4+107-gef32c7afa2-1 | 4.14.6-1 4.14.5+94-ge49571868d-1 4.17.1+2-gb773c48e36-1 4.17.2+55-g0b56bed864-1 |
| Xen Xen | >=4.13.0<=4.16.1 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Debian Debian Linux | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://xenbits.xen.org/xsa/advisory-410.html
- https://security-tracker.debian.org/tracker/CVE-2022-33746
- http://www.openwall.com/lists/oss-security/2022/10/11/3
- http://xenbits.xen.org/xsa/advisory-410.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
- https://www.debian.org/security/2022/dsa-5272
- https://xenbits.xenproject.org/xsa/advisory-410.txt
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWSC77GS5NATI3TT7FMVPULUPXR635XQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJOMUNGW6VTK5CZZRLWLVVEOUPEQBRHI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
- https://security.gentoo.org/glsa/202402-07
Frequently Asked Questions
What is the severity of CVE-2022-33746?
The severity of CVE-2022-33746 is medium with a severity value of 6.5.
Which software is affected by CVE-2022-33746?
CVE-2022-33746 affects Xen Xen, Fedoraproject Fedora versions 35, 36, and 37, as well as Debian Debian Linux version 11.0.
How long does the P2M pool freeing take in CVE-2022-33746?
The P2M pool freeing in CVE-2022-33746 may take more time than reasonable without intermediate preemption checks.
How can I fix CVE-2022-33746?
To fix CVE-2022-33746, update to the latest version of the affected software packages: Xen Xen (version 4.14.6-1 or higher), Fedoraproject Fedora (versions 35, 36, or 37), and Debian Debian Linux (version 11.0).
Where can I find more information about CVE-2022-33746?
You can find more information about CVE-2022-33746 in the following references: [Xen advisory](https://xenbits.xen.org/xsa/advisory-410.html), [Debian security tracker](https://security-tracker.debian.org/tracker/CVE-2022-33746), and [Openwall OSS Security mailing list](http://www.openwall.com/lists/oss-security/2022/10/11/3).
- collector/security-tracker-debian
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/tags
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- package-manager/debian
- vendor/xen
- canonical/xen xen
- version/xen xen/4.13.0
- version/xen xen/4.16.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0