What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-42336.

What is the severity rating of this vulnerability?

The severity rating of CVE-2022-42336 is low, with a severity value of 3.3.

What software is affected by this vulnerability?

The Xen Xen software version 4.17 is affected by CVE-2022-42336.

What is the impact of this vulnerability?

The impact of CVE-2022-42336 is not specified in the provided information.

Where can I find more information about this vulnerability?

You can find more information about CVE-2022-42336 at the following references: - [Fedora Project Announcement](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTO3U3WYLAZW3KLPKJZ332FYUREXPZMQ/) - [Xen Project Advisory-431](https://xenbits.xenproject.org/xsa/advisory-431.txt)

Vulnerability/
CVE-2022-42336

low

3.3

17/5/2023

27/5/2023

CVE-2022-42336

First published: Wed May 17 2023(Updated: )

Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active.

Credit: security@xen.org

Affected Software	Affected Version	How to fix
Xen Xen	=4.17

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-42336.
What is the severity rating of this vulnerability?
The severity rating of CVE-2022-42336 is low, with a severity value of 3.3.
What software is affected by this vulnerability?
The Xen Xen software version 4.17 is affected by CVE-2022-42336.
What is the impact of this vulnerability?
The impact of CVE-2022-42336 is not specified in the provided information.
Where can I find more information about this vulnerability?
You can find more information about CVE-2022-42336 at the following references: - [Fedora Project Announcement](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LTO3U3WYLAZW3KLPKJZ332FYUREXPZMQ/) - [Xen Project Advisory-431](https://xenbits.xenproject.org/xsa/advisory-431.txt)

collector/nvd-index
agent/severity
agent/references
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/xen
canonical/xen xen
version/xen xen/4.17

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.