CVE-2022-23034

Severity CVSS v4.0:
Pending analysis
Type:
CWE-191 Integer Underflow (Wrap or Wraparound)
Publication date:
25/01/2022
Last modified:
07/11/2023

Description

A PV guest could DoS Xen while unmapping a grant To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:* 3.2.0 (including) 4.13.0 (excluding)
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*