3.8 - CVE-2022-33747

Executive Summary

Informations
Name	CVE-2022-33747	First vendor Publication	2022-10-11
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Overall CVSS Score	3.8
Base Score	3.8	Environmental Score	3.8
impact SubScore	1.4	Temporal Score	3.8
Exploitabality Sub Score	2

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Changed	Confidentiality Impact	None
Integrity Impact	None	Availability Impact	Low
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33747

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-404	Improper Resource Shutdown or Release

CPE : Common Platform Enumeration

Type	Description	Count
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:11.0:::::::*	1
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::*	3
Os	Xen cpe:2.3:o:xen:xen:::::::arm:*	1

Sources (Detail)

http://www.openwall.com/lists/oss-security/2022/10/11/5
http://xenbits.xen.org/xsa/advisory-409.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272
https://xenbits.xenproject.org/xsa/advisory-409.txt

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 14:12:53	Multiple Updates
2024-02-04 13:28:04	Multiple Updates
2023-11-07 21:31:28	Multiple Updates
2023-08-09 17:27:56	Multiple Updates
2022-12-09 21:27:33	Multiple Updates
2022-11-17 13:10:31	Multiple Updates
2022-11-14 21:27:21	Multiple Updates
2022-11-07 13:27:24	Multiple Updates
2022-10-31 05:27:21	Multiple Updates
2022-10-14 21:27:18	Multiple Updates
2022-10-11 21:27:11	Multiple Updates
2022-10-11 17:27:11	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	5
Sources(s)	8

3.8 - CVE-2022-33747

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU