CVE-2022-42324

Published: Nov 1, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring.

Affected (5)

Products: Xen: Xen · Debian: Debian Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xen Xen	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 35
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Related CWEs

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (16)

http://www.openwall.com/lists/oss-security/2022/11/01/10

Source: security@xen.org

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-420.html

Source: security@xen.org

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Source: security@xen.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Source: security@xen.org

https://security.gentoo.org/glsa/202402-07

Source: security@xen.org

https://www.debian.org/security/2022/dsa-5272

Source: security@xen.org

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-420.txt

Source: security@xen.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2022/11/01/10

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://xenbits.xen.org/xsa/advisory-420.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/202402-07

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.debian.org/security/2022/dsa-5272

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://xenbits.xenproject.org/xsa/advisory-420.txt

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.