DEBIAN-CVE-2022-33747
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 11 Oct 2022, 13:15
Last modified:28 Apr 2026, 20:24
Vulnerability Summary
Overall Risk (default)
low
15/100 CVSS Score
3.8 LOW
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
11 Oct 2022, 13:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:24
Last Modified
Vulnerability information updated
Description
Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.
CVSS Metrics
- v3.1•LOW•Score: 3.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Affected Systems
- debian•xen
< 4.14.5+86-g1c354767d5-1 | < 4.16.2+90-g0d39a6d1ae-1 | < 4.16.2+90-g0d39a6d1ae-1 | < 4.16.2+90-g0d39a6d1ae-1