CVE-2022-42331 — XEN vulnerability

4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN Fedoraproject Fedora

Timeline

PublishedMar 21

Description

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/xen< xen 4.17.0+74-g3eac216e6e-1 (bookworm)

▶Debianxen/xen< 4.14.5+94-ge49571868d-1+3

▶NVDxen/xen4.5.0 — 4.17.0

Also affects: Fedora 37, 38

🔴Vulnerability Details

OSV

CVE-2022-42331: x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath↗2023-03-21

▶

GHSA

GHSA-f5x9-rprw-5rc4: x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath↗2023-03-21

▶

📋Vendor Advisories

Debian

CVE-2022-42331: xen - x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the ...↗2022

▶