CVE Vulnerabilities

CVE-2022-42335

NULL Pointer Dereference

Published: Apr 25, 2023 | Modified: Feb 04, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Xen Xen 4.17.0 (including) 4.17.0 (including)
Xen Ubuntu bionic *
Xen Ubuntu kinetic *
Xen Ubuntu lunar *
Xen Ubuntu mantic *
Xen Ubuntu trusty *
Xen Ubuntu xenial *

Potential Mitigations

References