Количество 14
Количество 14
CVE-2022-42320
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.
CVE-2022-42320
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.
CVE-2022-42320
Xenstore: Guests can get access to Xenstore nodes of deleted domains A ...
GHSA-p263-3p34-m82m
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0.
BDU:2024-03590
Уязвимость хранилища информации Xenstore гипервизора Xen, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, повысить свои привилегии или вызвать отказ в обслуживании
SUSE-SU-2022:4332-1
Security update for xen
SUSE-SU-2022:4051-1
Security update for xen
SUSE-SU-2022:3960-1
Security update for xen
SUSE-SU-2022:4241-1
Security update for xen
SUSE-SU-2022:3971-1
Security update for xen
SUSE-SU-2022:3947-1
Security update for xen
SUSE-SU-2022:3925-1
Security update for xen
SUSE-SU-2022:4007-1
Security update for xen
SUSE-SU-2022:3928-1
Security update for xen
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-42320 Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. | CVSS3: 7 | 0% Низкий | больше 3 лет назад |
 | CVE-2022-42320 Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. | CVSS3: 7 | 0% Низкий | больше 3 лет назад |
| CVE-2022-42320 Xenstore: Guests can get access to Xenstore nodes of deleted domains A ... | CVSS3: 7 | 0% Низкий | больше 3 лет назад |
| GHSA-p263-3p34-m82m Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries will be corrected when such a node is written later. There is a small time window when a new domain is created, where the access rights of a past domain with the same domid as the new one will be regarded to be still valid, leading to the new domain being able to get access to a node which was meant to be accessible by the removed domain. For this to happen another domain needs to write the node before the newly created domain is being introduced to Xenstore by dom0. | CVSS3: 7 | 0% Низкий | больше 3 лет назад |
 | BDU:2024-03590 Уязвимость хранилища информации Xenstore гипервизора Xen, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации, повысить свои привилегии или вызвать отказ в обслуживании | CVSS3: 7 | 0% Низкий | больше 3 лет назад |
 | SUSE-SU-2022:4332-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:4051-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:3960-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:4241-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:3971-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:3947-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:3925-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:4007-1 Security update for xen | около 3 лет назад | ||
| SUSE-SU-2022:3928-1 Security update for xen | около 3 лет назад |
Уязвимостей на страницу