{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42324", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "assignerShortName": "XEN", "dateUpdated": "2024-08-03T13:03:45.972Z", "dateReserved": "2022-10-03T00:00:00", "datePublished": "2022-11-01T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2024-02-04T08:07:22.705948"}, "descriptions": [{"lang": "en", "value": "Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring."}], "affected": [{"vendor": "Xen", "product": "xen", "versions": [{"version": "consult Xen advisory XSA-420", "status": "unknown"}]}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-420.txt"}, {"url": "http://xenbits.xen.org/xsa/advisory-420.html"}, {"name": "[oss-security] 20221101 Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31 bit integer truncation issues", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/10"}, {"name": "DSA-5272", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"name": "FEDORA-2022-07438e12df", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"name": "FEDORA-2022-99af00f60e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"name": "FEDORA-2022-9f51d13fa3", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202402-07"}], "credits": [{"lang": "en", "value": "{'credit_data': {'description': {'description_data': [{'lang': 'eng', 'value': 'This issue was discovered by J\u00fcrgen Gro\u00df of SUSE.'}]}}}"}], "metrics": [{"other": {"type": "unknown", "content": {"description": {"description_data": [{"lang": "eng", "value": "A malicious or buggy guest can write a packet into the xenstore ring\nwhich causes 32-bit builds of oxenstored to busy loop."}]}}}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "unknown"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.972Z"}, "title": "CVE Program Container", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-420.txt", "tags": ["x_transferred"]}, {"url": "http://xenbits.xen.org/xsa/advisory-420.html", "tags": ["x_transferred"]}, {"name": "[oss-security] 20221101 Xen Security Advisory 420 v2 (CVE-2022-42324) - Oxenstored 32->31 bit integer truncation issues", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/10"}, {"name": "DSA-5272", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"name": "FEDORA-2022-07438e12df", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"name": "FEDORA-2022-99af00f60e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"name": "FEDORA-2022-9f51d13fa3", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"name": "GLSA-202402-07", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202402-07"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring."}, {"lang": "es", "value": "Problemas de truncado de enteros de 32 a 31 bits almacenados en Oxenstored. Los enteros en Ocaml tienen 63 o 31 bits de precisi\u00f3n confirmada. La librer\u00eda Ocaml Xenbus extrae una variable uint32_t de C del anillo y lo convierte directamente en un entero Ocaml. En compilaciones de Ocaml de 64 bits, esto est\u00e1 bien, pero en compilaciones de 32 bits, trunca el bit m\u00e1s significativo y luego crea confusi\u00f3n sin confirmaci\u00f3n/confirmada en el resto. Esto, a su vez, puede introducir un valor negativo en la l\u00f3gica que no espera un valor negativo, lo que genera excepciones inesperadas. La excepci\u00f3n inesperada no se maneja adecuadamente, lo que crea un bucle de ocupaci\u00f3n al intentar (y fallar) sacar el paquete defectuoso del anillo xenstore."}], "id": "CVE-2022-42324", "lastModified": "2024-11-21T07:24:45.167", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-01T13:15:12.017", "references": [{"source": "security@xen.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/10"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-420.html"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"source": "security@xen.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"source": "security@xen.org", "url": "https://security.gentoo.org/glsa/202402-07"}, {"source": "security@xen.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"source": "security@xen.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-420.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/11/01/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-420.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202402-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5272"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xenproject.org/xsa/advisory-420.txt"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-681"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}