Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
References
Configurations
History
29 Nov 2022, 18:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/ - Mailing List, Third Party Advisory |
24 Nov 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
References |
|
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5272 - Third Party Advisory |
09 Nov 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2022, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2022, 14:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://xenbits.xenproject.org/xsa/advisory-414.txt - Patch, Vendor Advisory | |
References | (CONFIRM) http://xenbits.xen.org/xsa/advisory-414.html - Patch, Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 - Third Party Advisory | |
CWE | CWE-763 | |
CPE | cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:* |
01 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Nov 2022, 13:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-01 13:15
Updated : 2024-02-04 08:15
NVD link : CVE-2022-42309
Mitre link : CVE-2022-42309
CVE.ORG link : CVE-2022-42309
JSON object : View
Products Affected
debian
- debian_linux
xen
- xen
fedoraproject
- fedora
CWE
CWE-763
Release of Invalid Pointer or Reference