Alpine: xen: security update to 4.16.3-r0

high Tenable Cloud Security Plugin ID 407838

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are
per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the
domid of the removed domain. This is normally no problem, as those access right entries will be corrected
when such a node is written later. There is a small time window when a new domain is created, where the
access rights of a past domain with the same domid as the new one will be regarded to be still valid,
leading to the new domain being able to get access to a node which was meant to be accessible by the
removed domain. For this to happen another domain needs to write the node before the newly created domain
is being introduced to Xenstore by dom0. (CVE-2022-42320)

- P2M pool freeing may take excessively long The P2M pool backing second level address translation for
guests may be of significant size. Therefore its freeing may take more time than is reasonable without
intermediate preemption checks. Such checking for the need to preempt was so far missing. (CVE-2022-33746)

- Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages
from a guest's P2M (Physical-to-Machine) mapping. When large pages are in use to map guest pages in the
2nd-stage page tables, such a removal operation may incur a memory allocation (to replace a large mapping
with individual smaller ones). These memory allocations are taken from the global memory pool. A malicious
guest might be able to cause the global memory pool to be exhausted by manipulating its own P2M mappings.
(CVE-2022-33747)

- lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was
inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a
result two cooperating guests granting each other transitive grants can cause locks to be acquired nested
within one another, but in respectively opposite order. With suitable timing between the involved grant
copy operations this may result in the locking up of a CPU. (CVE-2022-33748)

- Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction
resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the
cleanup after the error will not remove all nodes already created. When the transaction is committed after
this situation, nodes without a valid parent can be made permanent in the data base. (CVE-2022-42310)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-33746

https://security.alpinelinux.org/vuln/CVE-2022-33747

https://security.alpinelinux.org/vuln/CVE-2022-33748

https://security.alpinelinux.org/vuln/CVE-2022-42310

https://security.alpinelinux.org/vuln/CVE-2022-42311

https://security.alpinelinux.org/vuln/CVE-2022-42312

https://security.alpinelinux.org/vuln/CVE-2022-42313

https://security.alpinelinux.org/vuln/CVE-2022-42314

https://security.alpinelinux.org/vuln/CVE-2022-42315

https://security.alpinelinux.org/vuln/CVE-2022-42316

https://security.alpinelinux.org/vuln/CVE-2022-42317

https://security.alpinelinux.org/vuln/CVE-2022-42318

https://security.alpinelinux.org/vuln/CVE-2022-42319

https://security.alpinelinux.org/vuln/CVE-2022-42320

https://security.alpinelinux.org/vuln/CVE-2022-42321

https://security.alpinelinux.org/vuln/CVE-2022-42322

https://security.alpinelinux.org/vuln/CVE-2022-42323

https://security.alpinelinux.org/vuln/CVE-2022-42325

https://security.alpinelinux.org/vuln/CVE-2022-42326

Plugin Details

Severity: High

ID: 407838

Version: Revision 1.32

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.35

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-42320

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/2/2021

Reference Information

CVE: CVE-2022-33746, CVE-2022-33747, CVE-2022-33748, CVE-2022-42310, CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318, CVE-2022-42319, CVE-2022-42320, CVE-2022-42321, CVE-2022-42322, CVE-2022-42323, CVE-2022-42325, CVE-2022-42326

IAVB: 2021-B-0068-S, 2022-B-0048-S