CVE-2022-42323
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota.
Xenstore: los invitados que cooperan pueden crear números arbitrarios de nodos. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] Desde la corrección de XSA-322, cualquier nodo Xenstore propiedad de un dominio eliminado se modificará para que sea propiedad de Dom0. Esto permitirá que dos invitados maliciosos trabajen juntos para crear una cantidad arbitraria de nodos Xenstore. Esto es posible si el dominio A permite que el dominio B escriba en el árbol Xenstore local del dominio A. Luego, el dominio B puede crear muchos nodos y reiniciarse. Los nodos creados por el dominio B ahora serán propiedad de Dom0. Al repetir este proceso una y otra vez, se puede crear una cantidad arbitraria de nodos, ya que la cantidad de nodos de Dom0 no está limitada por la cuota de Xenstore.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-03 CVE Reserved
- 2022-11-01 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (8)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/11/01/9 | 2024-02-04 | |
| http://xenbits.xen.org/xsa/advisory-419.html | 2024-02-04 | |
| https://xenbits.xenproject.org/xsa/advisory-419.txt | 2024-02-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Xen Search vendor "Xen" for product "Xen" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||