← Back

CVE-2022-42309

nvd nist
Published: Nov 1, 2022Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 / Impact: 6.0
Source: NVD

Description

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

Affected (5)

Xen
1 product
Xen
Debian
1 product
Debian Linux
Fedoraproject
1 product
Fedora
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Xen
All versions
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 11.0
Fedoraproject
Fedora
Version 35
Fedora
Version 36
Fedora
Version 37

Related CWEs

CWE-763
Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

References (16)

Source: security@xen.org
Mailing ListThird Party Advisory
Source: security@xen.org
PatchVendor Advisory
Source: security@xen.org
Source: security@xen.org
Source: security@xen.org
Source: security@xen.org
Source: security@xen.org
Third Party Advisory
Source: security@xen.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.