QwikSec

Security Database

CVE

CWE

Training

CVE-2022-42309

Published: Nov 1, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of maximum nodes per domain.

Vendor	Product	Versions
Xen	xen	unknown `consult Xen advisory XSA-414`

References

https://xenbits.xenproject.org/xsa/advisory-414.txt

http://xenbits.xen.org/xsa/advisory-414.html

[oss-security] 20221101 Xen Security Advisory 414 v2 (CVE-2022-42309) - Xenstore: Guests can crash xenstored

mailing-list

vendor-advisory

FEDORA-2022-07438e12df

vendor-advisory

FEDORA-2022-99af00f60e

vendor-advisory

FEDORA-2022-9f51d13fa3

vendor-advisory

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.