CVE-2022-33740

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 05-07-2022 03:15

Last modified: - 27-07-2022 01:15

Total changes: - 5

Description

Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

7.1

Base score

1.8

5.2

Exploitability score

Impact score

Verification logic

Reference

https://xenbits.xenproject.org/xsa/advisory-403.txt
http://xenbits.xen.org/xsa/advisory-403.html
[oss-security] 20220705 Xen Security Advisory 403 v3 (CVE-2022-26365,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742) - Linux disk/nic frontends data leaks-Mailing List, Patch, Third Party Advisory
FEDORA-2022-c4ec706488-Mailing List, Third Party Advisory
FEDORA-2022-2c9f8224f8-
DSA-5191-

Keywords

CVE-2022-33740

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-33740

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures