漏洞标题
N/A
漏洞描述信息
x86/HVM 固定缓存属性误处理
为了允许通过设备访问的HVM guests进行Cache一致性控制,存在一个接口可以明确绕过原本会设置默认值的配置。尽管不直接暴露给受影响的 guests,但这个接口专门是为控制此类 guests而设计的。因此,这个接口可能会被非完全特权实体使用,例如在 Dom0 中非特权运行的 QEMU 或在一个所谓的短截域中运行的 QEMU。在这种暴露的情况下,这是一个问题:-此类受控区域的个数没有限制(CVE-2022-42333);-此类区域的安装和卸载没有正确序列化(CVE-2022-42334)。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Xen 安全漏洞
漏洞描述信息
Xen是英国剑桥(Cambridge)大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen存在安全漏洞,该漏洞源于固定缓存属性处理不当。
CVSS信息
N/A
漏洞类别
其他