CVE-2022-42326

Опубликовано: 01 нояб. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes.

Ссылки

http://www.openwall.com/lists/oss-security/2022/11/01/11
Mailing List
Patch
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-421.html
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272
Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-421.txt
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/11/01/11
Mailing List
Patch
Third Party Advisory
http://xenbits.xen.org/xsa/advisory-421.html
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
https://security.gentoo.org/glsa/202402-07
https://www.debian.org/security/2022/dsa-5272
Third Party Advisory
https://xenbits.xenproject.org/xsa/advisory-421.txt
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*

Версия от 4.9.0 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-401

Связанные уязвимости

CVE-2022-42326

CVSS3: 5.5

ubuntu

больше 3 лет назад

CVE-2022-42326

CVSS3: 5.5

debian

больше 3 лет назад

Xenstore: Guests can create arbitrary number of nodes via transactions ...

GHSA-f5v3-qm6r-5p3w

CVSS3: 5.5

github

больше 3 лет назад

BDU:2024-03588

CVSS3: 5.5

fstec

больше 3 лет назад

Уязвимость хранилища информации Xenstore гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании

SUSE-SU-2022:4332-1

suse-cvrf

около 3 лет назад

Security update for xen

EPSS

Процентиль: 9%

0.00033

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-401