How severe is CVE-2022-23035?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2022-23035?

This is classified as CWE-459, which is a common weakness in software security.

CVE-2022-23035 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.

Related Vulnerabilities

CVE-2021-4002

MEDIUM

CVSS:4.4(Medium)

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some...

CWE-4592021

CVE-2021-4032

MEDIUM

CVSS:4.4(Medium)

A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to ...

CWE-4592021

CVE-2022-26074

MEDIUM

CVSS:4.4(Medium)

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via loca...

CWE-4592022

CVE-2022-46298

MEDIUM

CVSS:4.4(Medium)

Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.

CWE-4592022

CVE-2023-31356

MEDIUM

CVSS:4.4(Medium)

Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.

CWE-4592023

CVE-2023-52617

MEDIUM

CVSS:4.4(Medium)

In the Linux kernel, the following vulnerability has been resolved: PCI: switchtec: Fix stdev_release() crash after surprise hot remove A PCI device hot removal may occur while stdev->cdev is held ope...

CWE-4592023