Lucene search

PRIOn knowledge basePRION:CVE-2022-42310

HistoryNov 01, 2022 - 1:15 p.m.

Design/Logic Flaw

2022-11-0113:15:00

PRIOn knowledge base

www.prio-n.com

xenstore

orphaned nodes

database security

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.4%

JSON

Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as the cleanup after the error will not remove all nodes already created. When the transaction is committed after this situation, nodes without a valid parent can be made permanent in the data base.

CPENameOperatorVersion
debian_linuxeq11.0
fedoraeq35
fedoraeq36
fedoraeq37
xenge4.9.0
xenlt4.13.0

Name	Operator	Version
debian_linux	eq	11.0
fedora	eq	35
fedora	eq	36
fedora	eq	37
xen	ge	4.9.0
xen	lt	4.13.0

References

www.openwall.com/lists/oss-security/2022/11/01/5

xenbits.xen.org/xsa/advisory-415.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

security.gentoo.org/glsa/202402-07

www.debian.org/security/2022/dsa-5272

xenbits.xenproject.org/xsa/advisory-415.txt