CVE-2022-42309 - OpenCVE

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Xen	Xen

Configuration 1 [-]

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2022/11/01/4
http://xenbits.xen.org/xsa/advisory-414.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272
https://xenbits.xenproject.org/xsa/advisory-414.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: XEN

Published: 2022-11-01T00:00:00

Updated: 2024-08-03T13:03:45.940Z

Reserved: 2022-10-03T00:00:00

Link: CVE-2022-42309

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-01T13:15:11.237

Modified: 2024-02-04T08:15:11.987

Link: CVE-2022-42309

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42309", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "dateUpdated": "2024-08-03T13:03:45.940Z", "dateReserved": "2022-10-03T00:00:00", "datePublished": "2022-11-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-02-04T08:06:21.441442"}, "descriptions": [{"lang": "en", "value": "Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain."}], "affected": [{"vendor": "Xen", "product": "xen", "versions": [{"version": "consult Xen advisory XSA-414", "status": "unknown"}]}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-414.txt"}, {"url": "http://xenbits.xen.org/xsa/advisory-414.html"}, {"name": "[oss-security] 20221101 Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/4"}, {"name": "DSA-5272", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"name": "FEDORA-2022-07438e12df", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"name": "FEDORA-2022-99af00f60e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"name": "FEDORA-2022-9f51d13fa3", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202402-07"}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by Julien Grall of Amazon.'}]}}}"}], "metrics": [{"other": {"type": "unknown", "content": {"description": {"description_data": [{"lang": "eng", "value": "A malicious guest can cause xenstored to crash, resulting in the inability\nto create new guests or to change the configuration of running guests.\n\nMemory corruption in xenstored or privilege escalation of a guest can't\nbe ruled out."}]}}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "unknown"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.940Z"}, "title": "CVE Program Container", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-414.txt", "tags": ["x_transferred"]}, {"url": "http://xenbits.xen.org/xsa/advisory-414.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221101 Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/4"}, {"name": "DSA-5272", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"name": "FEDORA-2022-07438e12df", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"name": "FEDORA-2022-99af00f60e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"name": "FEDORA-2022-9f51d13fa3", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202402-07"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*", "matchCriteriaId": "BFA1950D-1D9F-4401-AA86-CF3028EFD286", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain."}, {"lang": "es", "value": "Xenstore: Los invitados pueden bloquear xenstored Debido a un error en la soluci\u00f3n de XSA-115, un invitado malintencionado puede hacer que xenstored use un puntero incorrecto durante la creaci\u00f3n del nodo en una ruta de error, lo que resulta en una falla de xenstored o una corrupci\u00f3n de la memoria en xenstored, lo que provoca m\u00e1s da\u00f1o. El invitado puede controlar el ingreso de la ruta de error, por ejemplo, excediendo el valor de cuota de nodos m\u00e1ximos por dominio."}], "id": "CVE-2022-42309", "lastModified": "2024-02-04T08:15:11.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-01T13:15:11.237", "references": [{"source": "security@xen.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/4"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-414.html"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"source": "security@xen.org", "url": "https://security.gentoo.org/glsa/202402-07"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-414.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-763"}], "source": "nvd@nist.gov", "type": "Primary"}]}