PT-2022-7335 · Xenstore+1

Julien Grall · Published 2022-11-01 · Updated 2024-02-04 · CVE-2022-42309

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xenstore (affected versions not specified)

Description

The issue is a bug in the fix for XSA-115: a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path. This can result in a crash of xenstored or in memory corruption in xenstored, causing further damage. The guest can control entry into the error path, for example by exceeding the quota for the maximum number of nodes per domain.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-03591
CVE-2022-42309
DSA-5272-1
OPENSUSE-SU-2022_3947-1
OPENSUSE-SU-2022_4007-1
SUSE-SU-2022:3925-1
SUSE-SU-2022:3928-1
SUSE-SU-2022:3947-1
SUSE-SU-2022:3960-1
SUSE-SU-2022:3971-1
SUSE-SU-2022:4007-1
SUSE-SU-2022:4051-1
SUSE-SU-2022:4241-1
SUSE-SU-2022:4332-1
SUSE-SU-2022_3960-1
SUSE-SU-2022_4332-1

Affected Products

Suse
Xenstore