5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
13.5%
Xenstore: Guests can create arbitrary number of nodes via transactions
T[his CNA information record relates to multiple CVEs; the text explains
which aspects/vulnerabilities correspond to which CVE.] In case a node has
been created in a transaction and it is later deleted in the same
transaction, the transaction will be terminated with an error. As this
error is encountered only when handling the deleted node at transaction
finalization, the transaction will have been performed partially and
without updating the accounting information. This will enable a malicious
guest to create arbitrary number of nodes.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2022/11/01/11
xenbits.xen.org/xsa/advisory-421.html
launchpad.net/bugs/cve/CVE-2022-42326
nvd.nist.gov/vuln/detail/CVE-2022-42326
security-tracker.debian.org/tracker/CVE-2022-42326
www.cve.org/CVERecord?id=CVE-2022-42326
xenbits.xen.org/xsa/advisory-421.html
xenbits.xenproject.org/xsa/advisory-421.txt
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
13.5%