CVE-2022-42324

Name of the Vulnerable Software and Affected Versions Oxenstored versions 32-bit builds

Description The issue arises from the Ocaml Xenbus library taking a C uint32 t out of the ring and casting it directly to an Ocaml integer. In 32-bit builds, this causes a truncation of the most significant bit, leading to unsigned/signed confusion. As a result, a negative value can be fed into logic that does not expect it, causing unexpected exceptions. These exceptions are not handled properly, resulting in a busy-loop that attempts to remove a bad packet from the xenstore ring.

Recommendations For 32-bit builds of Oxenstored, consider applying a patch that correctly handles the casting of C uint32 t to Ocaml integers to prevent integer truncation issues. At the moment, there is no information about a newer version that contains a fix for this vulnerability.