Ubuntu.comUB:CVE-2022-42309CVE-2022-42309
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
13.3%
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a
malicious guest can cause xenstored to use a wrong pointer during node
creation in an error path, resulting in a crash of xenstored or a memory
corruption in xenstored causing further damage. Entering the error path can
be controlled by the guest e.g. by exceeding the quota value of maximum
nodes per domain.
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
References
www.openwall.com/lists/oss-security/2022/11/01/4
xenbits.xen.org/xsa/advisory-414.html
launchpad.net/bugs/cve/CVE-2022-42309
nvd.nist.gov/vuln/detail/CVE-2022-42309
security-tracker.debian.org/tracker/CVE-2022-42309
www.cve.org/CVERecord?id=CVE-2022-42309
xenbits.xen.org/xsa/advisory-414.html
xenbits.xenproject.org/xsa/advisory-414.txt
Related
8.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
13.3%