{"containers": {"cna": {"affected": [{"product": "Linux", "vendor": "Linux", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-405"}]}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Jan Beulich of SUSE.'}]}}}"}], "descriptions": [{"lang": "en", "value": "network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed."}], "metrics": [{"other": {"content": {"description": {"description_data": [{"lang": "eng", "value": "A misbehaving or malicious backend may cause a Denial of Service (DoS)\nin the guest. Information leaks or privilege escalation cannot be\nruled out."}]}}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"description": "unknown", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-07-27T10:06:51", "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://xenbits.xenproject.org/xsa/advisory-405.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-405.html"}, {"name": "[oss-security] 20220705 Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/07/05/5"}, {"name": "DSA-5191", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5191"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@xen.org", "ID": "CVE-2022-33743", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux", "version": {"version_data": [{"version_affected": "?", "version_value": "consult Xen advisory XSA-405"}]}}]}, "vendor_name": "Linux"}]}}, "configuration": {"configuration_data": {"description": {"description_data": [{"lang": "eng", "value": "Linux versions 5.9 - 5.18 are vulnerable. Linux versions 5.8 and\nearlier are not vulnerable.\n\nThis vulnerability only increases the capability of an attacker in systems\nwith less than fully privileged network backends (e.g. network driver\ndomains). For systems where netback runs in dom0 (the default\nconfiguration), this vulnerability does not increase the capabilities of\nan attacker."}]}}}, "credit": {"credit_data": {"description": {"description_data": [{"lang": "eng", "value": "This issue was discovered by Jan Beulich of SUSE."}]}}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed."}]}, "impact": {"impact_data": {"description": {"description_data": [{"lang": "eng", "value": "A misbehaving or malicious backend may cause a Denial of Service (DoS)\nin the guest. Information leaks or privilege escalation cannot be\nruled out."}]}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unknown"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xenproject.org/xsa/advisory-405.txt", "refsource": "MISC", "url": "https://xenbits.xenproject.org/xsa/advisory-405.txt"}, {"name": "http://xenbits.xen.org/xsa/advisory-405.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-405.html"}, {"name": "[oss-security] 20220705 Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/07/05/5"}, {"name": "DSA-5191", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5191"}]}, "workaround": {"workaround_data": {"description": {"description_data": [{"lang": "eng", "value": "There is no mitigation available other than not using PV devices in case\na backend is suspected to be potentially malicious."}]}}}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T08:09:22.607Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://xenbits.xenproject.org/xsa/advisory-405.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-405.html"}, {"name": "[oss-security] 20220705 Xen Security Advisory 405 v3 (CVE-2022-33743) - network backend may cause Linux netfront to use freed SKBs", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/07/05/5"}, {"name": "DSA-5191", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5191"}]}]}, "cveMetadata": {"assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "cveId": "CVE-2022-33743", "datePublished": "2022-07-05T12:50:19", "dateReserved": "2022-06-15T00:00:00", "dateUpdated": "2024-08-03T08:09:22.607Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CD32F0B-F455-46C3-B510-AD6FC97DC3A2", "versionEndIncluding": "5.18", "versionStartIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed."}, {"lang": "es", "value": "El backend de la red puede hacer que Linux netfront use SKB liberados Al agregar l\u00f3gica para admitir XDP (ruta de datos eXpress), se movi\u00f3 una etiqueta de c\u00f3digo de una manera que permit\u00eda que los SKB tuvieran referencias (punteros) retenidas para un procesamiento posterior para, no obstante, ser liberados"}], "id": "CVE-2022-33743", "lastModified": "2022-11-05T03:06:47.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-05T13:15:08.613", "references": [{"source": "security@xen.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/07/05/5"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-405.html"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5191"}, {"source": "security@xen.org", "tags": ["Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-405.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2458", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2148", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "kernel: network backend may cause Linux netfront to use freed SKBs (XSA-405)", "id": "2107924", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107924"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-459", "details": ["network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.", "An incomplete cleanup flaw was found in the Linux kernel\u2019s Xen networking XDP (eXpress Data Path) subsystem. This flaw allows a local user to crash the system."], "name": "CVE-2022-33743", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-07-04T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-33743\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-33743\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/net/xen-netfront.c?h=v5.19-rc7&id=f63c2c2032c2e3caad9add3b82cc6e91c376fd26\nhttps://www.openwall.com/lists/oss-security/2022/07/05/5"], "statement": "Keeping this flaw Moderate, because only a denial of service is possible (A:H) as result of memory leak problem. The memory leak can happen because instead of removing skb, keeping it in the networking stack forever. The CVSS score is higher, than usually for Moderate, because kept \"C:H\" and \"I:H\" too in case maybe potentially would be possible privilege escalation too.", "threat_severity": "Moderate", "upstream_fix": "Linux kernel 5.19-rc6"}