CVE-2022-33746

Description

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.

How to fix CVE-2022-33746

To remediate CVE-2022-33746, upgrade the affected package to a fixed version below.

Alpine/xen—upgrade to 4.15.4-r0 or later
—upgrade to 4.14.5+86-g1c354767d5-1 or later

Is CVE-2022-33746 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.15.4-r0
from 0, < 4.14.5+86-g1c354767d5-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References (2)

ADVISORYsecurity.alpinelinux.org/vuln/CVE-2022-33746
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-33746