CVE-2022-42309

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

History

29 Nov 2022, 18:08

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/ - Mailing List, Third Party Advisory

24 Nov 2022, 03:15

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/ - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 - Third Party Advisory (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/ - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5272 - (DEBIAN) https://www.debian.org/security/2022/dsa-5272 - Third Party Advisory

09 Nov 2022, 14:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/ -

07 Nov 2022, 08:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5272 -

03 Nov 2022, 14:50

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
References (MISC) https://xenbits.xenproject.org/xsa/advisory-414.txt - (MISC) https://xenbits.xenproject.org/xsa/advisory-414.txt - Patch, Vendor Advisory
References (CONFIRM) http://xenbits.xen.org/xsa/advisory-414.html - (CONFIRM) http://xenbits.xen.org/xsa/advisory-414.html - Patch, Vendor Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 - (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 - Third Party Advisory
CWE CWE-763
CPE cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

01 Nov 2022, 15:15

Type Values Removed Values Added
References
  • (CONFIRM) http://xenbits.xen.org/xsa/advisory-414.html -
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/11/01/4 -

01 Nov 2022, 13:38

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-01 13:15

Updated : 2024-02-04 08:15


NVD link : CVE-2022-42309

Mitre link : CVE-2022-42309

CVE.ORG link : CVE-2022-42309


JSON object : View

Products Affected

debian

  • debian_linux

xen

  • xen

fedoraproject

  • fedora
CWE
CWE-763

Release of Invalid Pointer or Reference