CVE-2022-42309
Summary
| CVE | CVE-2022-42309 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-11-01 13:15:00 UTC |
| Updated | 2024-02-04 08:15:00 UTC |
| Description | Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115, a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest, e.g. by exceeding the quota value of maximum nodes per domain. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: xen-4.16.2-4.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Xen: Multiple Vulnerabilities (GLSA 202402-07) — Gentoo security | | security.gentoo.org | |
| [SECURITY] Fedora 37 Update: xen-4.16.2-4.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Debian -- Security Information -- DSA-5272-1 xen | DEBIAN | www.debian.org | |
| XSA-414 - Xen Security Advisories | CONFIRM | xenbits.xen.org | |
| [SECURITY] Fedora 36 Update: xen-4.16.2-3.fc36 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| xenbits.xenproject.org/xsa/advisory-414.txt | MISC | xenbits.xenproject.org | |
| [SECURITY] Fedora 36 Update: xen-4.16.2-3.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| oss-security - Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored | MLIST | www.openwall.com | |
| [SECURITY] Fedora 35 Update: xen-4.15.3-7.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: xen-4.15.3-7.fc35 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
Legacy QID Mappings
- 181193 Debian Security Update for xen (DSA 5272-1)
- 182509 Debian Security Update for xen (CVE-2022-42309)
- 283293 Fedora Security Update for xen (FEDORA-2022-07438e12df)
- 283319 Fedora Security Update for xen (FEDORA-2022-99af00f60e)
- 283430 Fedora Security Update for xen (FEDORA-2022-9f51d13fa3)
- 390275 Oracle Managed Virtualization (VM) Server for x86 Security Update for xen (OVMSA-2023-0005)
- 502590 Alpine Linux Security Update for xen
- 502591 Alpine Linux Security Update for xen
- 502592 Alpine Linux Security Update for xen
- 502600 Alpine Linux Security Update for xen
- 502817 Alpine Linux Security Update for xen
- 503080 Alpine Linux Security Update for xen
- 503348 Alpine Linux Security Update for xen
- 503424 Alpine Linux Security Update for xen
- 503476 Alpine Linux Security Update for xen
- 503511 Alpine Linux Security Update for xen
- 503538 Alpine Linux Security Update for xen
- 503586 Alpine Linux Security Update for xen
- 503624 Alpine Linux Security Update for xen
- 503648 Alpine Linux Security Update for xen
- 503667 Alpine Linux Security Update for xen
- 503695 Alpine Linux Security Update for xen
- 505706 Alpine Linux Security Update for xen
- 710858 Gentoo Linux Xen Multiple Vulnerabilities (GLSA 202402-07)
- 752778 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3925-1)
- 752781 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3928-1)
- 752792 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3947-1)
- 752796 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:3971-1)
- 752807 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:4007-1)
- 752887 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:4241-1)
- 752979 SUSE Enterprise Linux Security Update for xen (SUSE-SU-2022:4332-1)