CVE-2022-42329Deadlock in Kernel

CWE-833DeadlockCWE-667Improper Locking55 documents9 sources
Severity
5.5MEDIUMNVD
OSV8.8OSV6.7OSV2.5
EPSS
0.0%
top 91.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxDebian Linux+2 more
Timeline
PublishedDec 7
Latest updateJun 13

Description

Guests can trigger deadlock in Linux netback driver T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-net

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

debiandebian/linux< linux 6.0.12-1 (bookworm)
Debianlinux/linux_kernel< 5.10.158-1+3
Ubuntulinux/linux_kernel< 4.15.0-206.217+2

Also affects: Debian Linux 10.0

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

24
OSV
linux-gcp vulnerabilities2023-04-11
OSV
linux-bluefield vulnerabilities2023-04-05
OSV
linux-hwe-5.19 vulnerabilities2023-03-28
OSV
linux-azure vulnerabilities2023-03-27
OSV
linux-intel-iotg vulnerabilities2023-03-16

📋Vendor Advisories

29
CISA ICS
Siemens SIMATIC and SIPLUS2024-06-13
CISA ICS
​Siemens SIMATIC MV500 Devices2023-07-13
CISA ICS
Siemens SIMATIC S7-1500 TM MFP Linux Kernel2023-06-15
Ubuntu
Linux kernel (GCP) vulnerabilities2023-04-11
Ubuntu
Linux kernel (BlueField) vulnerabilities2023-04-05