CVE-2022-42309
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.
| Vendor | xen |
| Product | xen |
| Published | Nov 1, 2022 |
| Last Updated | Aug 3, 2024 |
Stay Ahead of the Next One
Get instant alerts for xen xen
Be the first to know when new unknown vulnerabilities affecting xen xen are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Xen / xen
All versions affected References
xenbits.xenproject.org: https://xenbits.xenproject.org/xsa/advisory-414.txt xenbits.xen.org: http://xenbits.xen.org/xsa/advisory-414.html openwall.com: http://www.openwall.com/lists/oss-security/2022/11/01/4 debian.org: https://www.debian.org/security/2022/dsa-5272 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/ security.gentoo.org: https://security.gentoo.org/glsa/202402-07
Credits
{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Julien Grall of Amazon.'}]}}}