Source: xen
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for xen.

CVE-2022-33749[0]:
| XAPI open file limit DoS It is possible for an unauthenticated client
| on the network to cause XAPI to hit its file-descriptor limit. This
| causes XAPI to be unable to accept new requests for other (trusted)
| clients, and blocks XAPI from carrying out any tasks that require the
| opening of file descriptors.

https://xenbits.xen.org/xsa/advisory-413.html

CVE-2022-33748[1]:
| lock order inversion in transitive grant copy handling As part of
| XSA-226 a missing cleanup call was inserted on an error handling path.
| While doing so, locking requirements were not paid attention to. As a
| result two cooperating guests granting each other transitive grants
| can cause locks to be acquired nested within one another, but in
| respectively opposite order. With suitable timing between the involved
| grant copy operations this may result in the locking up of a CPU.

https://xenbits.xen.org/xsa/advisory-411.html

CVE-2022-33747[2]:
| Arm: unbounded memory consumption for 2nd-level page tables Certain
| actions require e.g. removing pages from a guest's P2M
| (Physical-to-Machine) mapping. When large pages are in use to map
| guest pages in the 2nd-stage page tables, such a removal operation
| may incur a memory allocation (to replace a large mapping with
| individual smaller ones). These memory allocations are taken from the
| global memory pool. A malicious guest might be able to cause the
| global memory pool to be exhausted by manipulating its own P2M
| mappings.

https://xenbits.xen.org/xsa/advisory-409.html

CVE-2022-33746[3]:
| P2M pool freeing may take excessively long The P2M pool backing second
| level address translation for guests may be of significant size.
| Therefore its freeing may take more time than is reasonable without
| intermediate preemption checks. Such checking for the need to preempt
| was so far missing.

https://xenbits.xen.org/xsa/advisory-410.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-33749
    https://www.cve.org/CVERecord?id=CVE-2022-33749
[1] https://security-tracker.debian.org/tracker/CVE-2022-33748
    https://www.cve.org/CVERecord?id=CVE-2022-33748
[2] https://security-tracker.debian.org/tracker/CVE-2022-33747
    https://www.cve.org/CVERecord?id=CVE-2022-33747
[3] https://security-tracker.debian.org/tracker/CVE-2022-33746
    https://www.cve.org/CVERecord?id=CVE-2022-33746

Please adjust the affected versions in the BTS as needed.