CVE-2022-46770
Published: 07 December 2022
Summary
CVE-2022-46770 is a high-severity Infinite Loop (CWE-835) vulnerability in Linuxfoundation Mirage Firewall. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 4.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2022-46770 affects the qubes-mirage-firewall component (versions 0.8.x through 0.8.3) used in QubesOS. The flaw is an infinite-loop condition (CWE-835) triggered when the firewall processes a crafted multicast UDP packet whose destination address falls in the 224.0.0.0/4 range, resulting in sustained CPU consumption and cessation of all packet forwarding.
A guest OS user on a Qubes system can send the malicious UDP packet from within a network-connected VM. Because the packet is processed by the Mirage-based firewall running in a separate domain, the attacker needs no privileges outside the guest and can achieve a denial-of-service condition that disrupts network connectivity for other qubes without requiring user interaction.
Public references consist of a GitHub issue and an accompanying Packet Storm entry that demonstrate the packet construction; neither source describes an official patch or configuration workaround beyond upgrading to a corrected release of qubes-mirage-firewall.
The associated EPSS score rose from a low baseline to a recorded peak of 0.2456, indicating that exploitation interest increased after disclosure and that the vulnerability merits renewed attention.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-49552
Vulnerability details
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).
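A defender-side check for the traffic class named in this description, as an added example that is not code from qubes-mirage-firewall or the referenced advisories: it parses raw IPv4 headers and counts, per source address, UDP packets whose destination lies in 224.0.0.0/4. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter

MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 through 239.255.255.255
UDP = 17  # IANA protocol number

def parse_ipv4(packet: bytes):
    """Return (src, dst, protocol) for a raw IPv4 packet, or None if malformed."""
    if len(packet) < 20:
        return None
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        return None
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, packet[9]

def is_multicast_udp(packet: bytes) -> bool:
    """True when the packet is UDP and its destination is in 224.0.0.0/4."""
    parsed = parse_ipv4(packet)
    return parsed is not None and parsed[2] == UDP and parsed[1] in MULTICAST

def flag_sources(packets) -> Counter:
    """Count matching packets per source address to locate the sending VM."""
    hits = Counter()
    for pkt in packets:
        if is_multicast_udp(pkt):
            hits[str(parse_ipv4(pkt)[0])] += 1
    return hits

def build(src: str, dst: str, proto: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus 8 zero bytes."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + b"\x00" * 8

# Constructed capture: range edges, a non-UDP multicast packet, a truncated frame.
SAMPLES = [
    build("10.137.0.10", "224.0.0.251", UDP),       # inside range, UDP
    build("10.137.0.10", "239.255.255.255", UDP),   # top of range, UDP
    build("10.137.0.11", "240.0.0.1", UDP),         # just above range
    build("10.137.0.11", "223.255.255.255", UDP),   # just below range
    build("10.137.0.12", "224.0.0.1", 2),           # multicast but IGMP, not UDP
    b"\x45\x00",                                    # truncated header
]

if __name__ == "__main__":
    for source, count in flag_sources(SAMPLES).items():
        print(f"{source}: {count} multicast UDP packet(s)")
```
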
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.