Lucene search

K

XENCVELIST:CVE-2022-42309

HistoryNov 01, 2022 - 12:00 a.m.

CVE-2022-42309

2022-11-0100:00:00

XEN

www.cve.org

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

CNA Affected

[
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "consult Xen advisory XSA-414",
        "status": "unknown"
      }
    ]
  }
]

References

www.openwall.com/lists/oss-security/2022/11/01/4

xenbits.xen.org/xsa/advisory-414.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

security.gentoo.org/glsa/202402-07

www.debian.org/security/2022/dsa-5272

xenbits.xenproject.org/xsa/advisory-414.txt

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

Related for CVELIST:CVE-2022-42309

ubuntucve1 xen1 nvd1 nessus15 cve1 prion1 debiancve1 veracode1 osv2 openvas12 fedora3 debian1 gentoo1