Home > Vulnerability Database > CVE-2022-42335

Mend.io Vulnerability Database

CVE-2022-42335

Date: April 25, 2023

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.

Language: C

Severity Score

7.8

Related Resources (10)

Url: https://security.gentoo.org/glsa/202402-07

Url: http://xenbits.xen.org/xsa/advisory-430.html

Url: https://seclists.org/oss-sec/2023/q2/att-103/xsa430.patch

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PSPFWSY6UOPGMADQGOGN2PAAS5LJRPTG/

Url: https://xenbits.xenproject.org/xsa/advisory-430.txt

Url: http://www.openwall.com/lists/oss-security/2023/04/25/1

Url: https://seclists.org/oss-sec/2023/q2/103

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSPFWSY6UOPGMADQGOGN2PAAS5LJRPTG/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-42335

Url: https://www.mend.io/vulnerability-database/CVE-2022-42335

Severity Score

7.8

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-42335

Date: April 25, 2023

Language: C

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?