Improper Resource Shutdown or Release Affecting xen package, versions <4.15.4-r0


0.0
low

Snyk CVSS

    Attack Complexity Low
    Scope Changed

    Threat Intelligence

    EPSS 0.05% (16th percentile)
Expand this section
NVD
3.8 low
Expand this section
SUSE
3.8 low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-ALPINE315-XEN-3136340
  • published 20 Nov 2022
  • disclosed 11 Oct 2022

How to fix?

Upgrade Alpine:3.15 xen to version 4.15.4-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream xen package and not the xen package as distributed by Alpine. See How to fix? for Alpine:3.15 relevant fixed versions and status.

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.