ALPINE-CVE-2022-33747
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 11 Oct 2022, 13:15
Last modified:03 Dec 2025, 22:49
Vulnerability Summary
Overall Risk (default)
low
15/100 CVSS Score
3.8 LOW
3.1 (osv_alpine)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Oct 2022, 13:15
Published
Vulnerability first disclosed
03 Dec 2025, 22:49
Last Modified
Vulnerability information updated
Description
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.
CVSS Metrics
- v3.1•LOW•Score: 3.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Affected Systems
- alpine•xen
< 4.15.4-r0 | < 4.15.4-r0 | < 4.16.3-r0 | < 4.16.3-r0 | < 4.17.0-r0 | < 4.17.0-r0 | < 4.17.0-r0 | < 4.17.0-r0 | < 4.17.0-r0 | < 4.17.0-r0