vulnerability

Alpine Linux: CVE-2022-33745: Vulnerability in Multiple Components

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Jul 26, 2022	Mar 26, 2024	Jan 5, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Jul 26, 2022

Added

Mar 26, 2024

Modified

Jan 5, 2026

Description

insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.

Solution

alpine-linux-upgrade-xen

References

CVE-2022-33745
https://attackerkb.com/topics/CVE-2022-33745
URL-https://security.alpinelinux.org/vuln/CVE-2022-33745

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today