CVE-2022-42328

Summary

CVE	CVE-2022-42328
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-12-07 01:15:00 UTC
Updated	2023-01-10 19:40:00 UTC
Description	Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).

Risk And Classification

Problem Types: CWE-667

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All

References

Reference	Source	Link	Tags
oss-security - Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver	MLIST	www.openwall.com
[SECURITY] [DLA 3245-1] linux security update	MLIST	lists.debian.org
oss-security - Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver	MLIST	www.openwall.com
oss-security - Re: Xen Security Advisory 424 v1 (CVE-2022-42328,CVE-2022-42329) - Guests can trigger deadlock in Linux netback driver	MLIST	www.openwall.com
[SECURITY] [DLA 3244-1] linux-5.10 security update	MLIST	lists.debian.org
xenbits.xenproject.org/xsa/advisory-424.txt	MISC	xenbits.xenproject.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181436 Debian Security Update for linux (CVE-2022-42328)
181440 Debian Security Update for linux-5.10 (DLA 3244-1)
181565 Debian Security Update for linux (DLA 3245-1)
199209 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5912-1)
199212 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5917-1)
199214 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5920-1)
199217 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5925-1)
199218 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5927-1)
199223 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5935-1)
199224 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5934-1)
199226 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5939-1)
199227 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5938-1)
199229 Ubuntu Security Notification for Linux kernel (KVM) Vulnerabilities (USN-5941-1)
199230 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5940-1)
199239 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5951-1)
199243 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-5962-1)
199251 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5970-1)
199258 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5979-1)
199276 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6000-1)
199502 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5975-1)
199541 Ubuntu Security Notification for Linux kernel (Azure) Vulnerabilities (USN-5924-1)
199566 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-6007-1)
199567 Ubuntu Security Notification for Linux kernel (HWE) Vulnerabilities (USN-5883-1)
199581 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5919-1)
355199 Amazon Linux Security Advisory for kernel : ALAS2023-2023-070
378468 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-20230042)
378473 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0021)
378512 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0042)
753014 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4505-1)
753020 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4585-1)
753034 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4504-1)
753038 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4573-1)
753039 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4574-1)
753047 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4566-1)
753060 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4615-1)
753063 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4617-1)
753562 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0134-1)
753583 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0152-1)
753688 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0406-1)
904671 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11589)
904677 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11583)
905765 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11589-2)
906442 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11583-2)
906604 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11589-4)