StarlingX

[Debian] CVE: CVE-2022-42333 xen: x86/HVM pinned cache attributes mis-handling

Bug #2013012 reported by Yue Tao
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Peng Zhang

Bug Description

CVE-2022-42333: https://nvd.nist.gov/vuln/detail/CVE-2022-42333

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).

Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-42333 fixed 8.6 N L N N H

References:
['libxen-dev_4.14.3+32-g9de3671772-1~deb11u1_amd64.deb===>libxen-dev_4.14.5+94-ge49571868d-1_amd64.deb']

CVE References

Yue Tao (wrytao)
information type: Public → Public Security
Changed in starlingx:
status: New → Triaged
importance: Undecided → High
tags: added: stx.9.0 stx.security
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/879219

Changed in starlingx:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/879219
Committed: https://opendev.org/starlingx/tools/commit/de6603e4ad86e2957ccd50dbbbdb88fa3a89634e
Submitter: "Zuul (22348)"
Branch: master

commit de6603e4ad86e2957ccd50dbbbdb88fa3a89634e
Author: Peng <email address hidden>
Date: Sat Apr 1 17:16:44 2023 +0800

    Debian:libxen-dev:fix CVE-2022-42333

    Upgrade libxen-dev to the version that CVE-2022-42333 have been fixed:

    libxen-dev_4.14.3+32-g9de3671772-1~deb11u1_amd64.deb to
    libxen-dev_4.14.5+94-ge49571868d-1_amd64.deb

    And a serial of libxen-dev dependency which are libxenmisc4.14,libxencall1,
    libxendevicemodel1,libxenevtchn1,libxenforeignmemory1,libxengnttab1,
    libxenstore3.0,libxentoolcore1,libxentoollog1,libxenhypfs1 need also be updated.

    This commit provides the URL of the package in base-bullseye.lst to fix x86/HVM
    pinned cache attributes mis-handling.

    (Refer to https://security-tracker.debian.org/tracker/CVE-2022-42333)

    Test plan:
    PASS: build-pkgs --clean --all && build-image

    Closes-bug: 2013012
    Signed-off-by: Peng <email address hidden>
    Change-Id: I9749f16fd839fa5560f0721b6a98a97ddf720b77

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Peng Zhang (pzhang2)
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.