Linux Distros Unpatched Vulnerability : CVE-2022-33748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking...

Fedora 37 : xen (2022-d80cc73088)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d80cc73088 advisory. Arm: unbounded memory consumption for 2nd-level page tables XSA-409, CVE-2022-33747 P2M pool freeing may take excessively long XSA-410, CVE-2022-337...

SUSE CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

Fedora 36 : xen (2022-5b594b82ac)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-5b594b82ac advisory. Arm: unbounded memory consumption for 2nd-level page tables XSA-409, CVE-2022-33747 P2M pool freeing may take excessively long XSA-410, CVE-2022-337...

SUSE SLES12: xen / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / etc (SUSE-SU-2022:4241-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4241-1 advisory. - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing bsc1203806. - CVE-2022-33748: Fixed DoS due to race in locking...

SUSE SLES12: xen / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / etc (SUSE-SU-2022:4051-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4051-1 advisory. - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing bsc1203806. - CVE-2022-33748: Fixed DoS due to race in locking bsc1203807....

SUSE SLES15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2022:3971-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3971-1 advisory. - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing bsc1203806. - CVE-2022-33748: Fixed DoS due to race in locking...

SUSE SLES15 Security Update : xen (SUSE-SU-2022:3925-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3925-1 advisory. - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing bsc1203806. - CVE-2022-33748: Fixed DoS due to race in locking...

Debian DSA-5272-1 : xen - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5272 advisory. Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. For the...

SUSE SLES12: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2022:3728-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3728-1 advisory. - CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with...

SUSE SLED15: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2022:3665-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3665-1 advisory. - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing bsc1203806. - CVE-2022-3374...

ALPINE-CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

DEBIAN-CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

CVE-2022-33748

CVE-2022-33748 corresponds to a Xen/XenServer vulnerability where a missing cleanup call on an error path can cause lock order inversion during transitive grant copy handling (XSA-226). This can lead to nested locks acquired in opposite order between two cooperating guests, potentially causing CP...