CVE-2022-42309 — Release of Invalid Pointer or Reference in XEN

CWE-763 — Release of Invalid Pointer or Reference4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 80.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Debian Linux +1 more

Timeline

PublishedNov 1

Description

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶debiandebian/xen< xen 4.16.2+90-g0d39a6d1ae-1 (bookworm)

▶Debianxen/xen< 4.14.5+86-g1c354767d5-1+3

Also affects: Debian Linux 11.0, Fedora 35, 36, 37

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xenproject.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-qghj-pfv2-q8gw: Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creat↗2022-11-01

▶

OSV

CVE-2022-42309: Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creat↗2022-11-01

▶

📋Vendor Advisories

Debian

CVE-2022-42309: xen - Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malici...↗2022

▶