CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
14.2%
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a
malicious guest can cause xenstored to use a wrong pointer during node
creation in an error path, resulting in a crash of xenstored or a memory
corruption in xenstored causing further damage. Entering the error path can
be controlled by the guest e.g. by exceeding the quota value of maximum
nodes per domain.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2022/11/01/4
xenbits.xen.org/xsa/advisory-414.html
launchpad.net/bugs/cve/CVE-2022-42309
nvd.nist.gov/vuln/detail/CVE-2022-42309
security-tracker.debian.org/tracker/CVE-2022-42309
www.cve.org/CVERecord?id=CVE-2022-42309
xenbits.xen.org/xsa/advisory-414.html
xenbits.xenproject.org/xsa/advisory-414.txt