Vulnerability Description
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | - |
| Debian | Debian Linux | 11.0 |
| Fedoraproject | Fedora | 35 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2022/11/01/4Mailing ListThird Party Advisory
- http://xenbits.xen.org/xsa/advisory-414.htmlPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202402-07
- https://www.debian.org/security/2022/dsa-5272Third Party Advisory
- https://xenbits.xenproject.org/xsa/advisory-414.txtPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2022/11/01/4Mailing ListThird Party Advisory
- http://xenbits.xen.org/xsa/advisory-414.htmlPatchVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202402-07
- https://www.debian.org/security/2022/dsa-5272Third Party Advisory
FAQ
What is CVE-2022-42309?
CVE-2022-42309 is a vulnerability with a CVSS score of 8.8 (HIGH). Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xens...
How severe is CVE-2022-42309?
CVE-2022-42309 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42309?
Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen, Debian Debian Linux, Fedoraproject Fedora.