NVD:CVE-2022-33742
Jul 05, 2022 - 1:15 p.m.

CVE-2022-33742

2022-07-05 13:15:08
CWE-200
web.nvd.nist.gov
Tags: linux, disk, frontends, data leaks, memory sharing, vulnerability

CVSS2: 3.6
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS3: 7.1
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS: 0.001
Percentile: 27.5%

Linux disk/nic frontends data leaks

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

Linux Block and Network PV device frontends don’t zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn’t allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).

Affected configurations

NVD

Node (OR):
  fedoraproject fedora: Match 35
  fedoraproject fedora: Match 36

Node (OR):
  debian debian_linux: Match 10.0
  debian debian_linux: Match 11.0

Node (OR):
  linux linux_kernel: Range 2.6.13 - 4.9.322
  linux linux_kernel: Range 4.14 - 4.14.287
  linux linux_kernel: Range 4.19 - 4.19.251
  linux linux_kernel: Range 5.4 - 5.4.204
  linux linux_kernel: Range 5.10 - 5.10.129
  linux linux_kernel: Range 5.15 - 5.15.53
  linux linux_kernel: Range 5.18 - 5.18.10
  linux linux_kernel: Match 2.6.12 rc2
  linux linux_kernel: Match 2.6.12 rc3
  linux linux_kernel: Match 2.6.12 rc4
  linux linux_kernel: Match 2.6.12 rc5
  linux linux_kernel: Match 2.6.12 rc6
  linux linux_kernel: Match 5.19 rc1
  linux linux_kernel: Match 5.19 rc2
  linux linux_kernel: Match 5.19 rc3
  linux linux_kernel: Match 5.19 rc4
  linux linux_kernel: Match 5.19 rc5
  xen xen: Match -
