CVE-2022-42310

2022-11-0113:15:11

CWE-459

XEN

web.nvd.nist.gov

xenstore

orphaned nodes

database corruption

guest access

cve-2022-42310

nvd

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.6

Confidence

High

EPSS

Percentile

14.2%

JSON

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.

Affected configurations

Nvd

Node

xenxenRange4.9.0–4.13.0

Node

debiandebian_linuxMatch11.0

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

VendorProductVersionCPE
xenxen*cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	*	cpe:2.3:o:xen:xen::::::::
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*

CNA Affected

[
  {
    "vendor": "Xen",
    "product": "xen",
    "versions": [
      {
        "version": "consult Xen advisory XSA-415",
        "status": "unknown"
      }
    ]
  }
]