Vulnerabilities > CVE-2022-42327

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

xen

fedoraproject

NVD

Published: 2022-11-01

Updated: 2024-02-04

Summary

x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.

Vulnerable Configurations

Part	Description	Count
OS	Xen XEN XEN 4.16	1
OS	Fedoraproject Fedoraproject Fedora 36 Fedoraproject Fedora 37	2

References

https://xenbits.xenproject.org/xsa/advisory-412.txt
http://xenbits.xen.org/xsa/advisory-412.html
http://www.openwall.com/lists/oss-security/2022/11/01/3
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
https://security.gentoo.org/glsa/202402-07

Vulnerabilities > CVE-2022-42327 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-42327"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-42327