CVE-2022-33747 Memory consumption for page tables is bounded by 2nd-level page tables.
This can be exploited to cause a denial-of-service attack against the host kernel, as the global memory pool is shared between all virtual machines. An affected host in such a situation would remain unusable until new memory allocations could be made. This issue is not specific to Ubuntu/Linux hosts, but may affect any hypervisor that uses large pages to map guest data, including Microsoft Windows hosts. This issue has been verified against the following hypervisors: VMware Workstation, VMware Player, VMware Fusion, and Citrix XenServer. ARM: insufficient synchronization of large pages Certain actions (e.g. remapping guest pages in the 2nd-stage page tables) may require some time to complete (up to several seconds). If a malicious guest were to issue a privileged instruction during this time, it might be possible for the instruction to be executed out of order, potentially leading to an arbitrary code execution exploit. ARM: insufficient synchronization of large pages Certain actions (e.g. remapping guest pages in the 2nd-stage page tables) may require some time to complete (up to several seconds). If a malicious guest were to issue a privileged instruction during this time, it might be possible for the instruction to be executed out of order, potentially leading to an arbitrary code execution exploit. ARM: insufficient synchronization of large pages Certain actions (e.g
References
(1) https://www.ibm.com/developerworks/docs/library/l-CVE-2022-33747
An article about how a vulnerability in the Linux kernel could cause a denial of service. The vulnerability is regarding pages that had not been properly synchronized with each other, leading to potential execution of code in an out-of-order fashion and arbitrary code execution exploit.
Exploitation of the ARM: insufficient synchronization of large pages vulnerability
This vulnerability has been exploited in the wild, on systems using ARM Cortex-R4 processors. The vulnerability is used to execute code in the second stage page tables of a guest virtual machine on the host.
Vendor Information
The vendor provides a patch to mitigate this issue on the following platforms:
"The vendor provides a patch to mitigate this issue on the following platforms:"
This can be exploited to cause a denial-of-service attack against the host kernel, as the global memory pool is shared between all virtual machines. An affected host in such a situation would remain unusable until new memory allocations could be made. This issue is not specific to Ubuntu/Linux hosts, but may affect any hypervisor that uses large pages to map guest data, including Microsoft Windows hosts. This issue has been verified against the following hypervisors: VMware Workstation, VMware Player, VMware Fusion, and Citrix XenServer.
References a list of references
- https://github.com/kvm-emu/libvirt/issues/1#issuecomment-33176473
- https://lkml.org/lkml/2016/7/31/163
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1432746
- http://www.securityfocus.com/bid/75534
Timeline
Published on: 10/11/2022 13:15:00 UTC
Last modified on: 10/14/2022 16:09:00 UTC