How severe is CVE-2022-42333?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2022-42333?

This is classified as CWE-770, which is a common weakness in software security.

CVE-2022-42333 - HIGH Severity | CVSS 8.6

Vulnerability Description

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334).

Related Vulnerabilities

CVE-2017-3883

HIGH

CVSS:8.6(High)

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated...

CWE-7702017

CVE-2018-21035

HIGH

CVSS:8.6(High)

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of servi...

CWE-7702018

CVE-2021-28706

HIGH

CVSS:8.6(High)

guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrato...

CWE-7702021

CVE-2021-41593

HIGH

CVSS:8.6(High)

Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.

CWE-7702021

CVE-2023-20033

HIGH

CVSS:8.6(High)

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, r...

CWE-7702023

CVE-2024-0081

HIGH

CVSS:8.6(High)

NVIDIA NeMo framework for Ubuntu contains a vulnerability in tools/asr_webapp where an attacker may cause an allocation of resources without limits or throttling. A successful exploit of this vulnerab...

CWE-7702024