CVE-2022-42320

Name of the Vulnerable Software and Affected Versions Xenstore (affected versions not specified)

Description The issue is related to the Xenstore component of the Xen hypervisor, where guests can gain access to Xenstore nodes of deleted domains due to incomplete cleanup of temporary or auxiliary resources. This can lead to unauthorized access to protected information, privilege escalation, or denial of service. The problem occurs when a new domain is created with the same domid as a previously removed domain, and there is a small time window where the access rights of the past domain are still considered valid. For this to happen, another domain needs to write the node before the newly created domain is introduced to Xenstore by dom0.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.