CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
14.2%
Xenstore: Guests can create orphaned Xenstore nodes By creating multiple
nodes inside a transaction resulting in an error, a malicious guest can
create orphaned nodes in the Xenstore data base, as the cleanup after the
error will not remove all nodes already created. When the transaction is
committed after this situation, nodes without a valid parent can be made
permanent in the data base.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2022/11/01/5
xenbits.xen.org/xsa/advisory-415.html
launchpad.net/bugs/cve/CVE-2022-42310
nvd.nist.gov/vuln/detail/CVE-2022-42310
security-tracker.debian.org/tracker/CVE-2022-42310
www.cve.org/CVERecord?id=CVE-2022-42310
xenbits.xen.org/xsa/advisory-415.html
xenbits.xenproject.org/xsa/advisory-415.txt