CVE-2022-42321

CVE-2022-42321

Name

CVE-2022-42321

Description

Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://xenbits.xenproject.org/xsa/advisory-418.txt
CONFIRM	http://xenbits.xen.org/xsa/advisory-418.html
MLIST	http://www.openwall.com/lists/oss-security/2022/11/01/8
DEBIAN	https://www.debian.org/security/2022/dsa-5272
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/
security@xen.org	https://security.gentoo.org/glsa/202402-07

Type

URI

MISC

https://xenbits.xenproject.org/xsa/advisory-418.txt

CONFIRM

http://xenbits.xen.org/xsa/advisory-418.html

MLIST

http://www.openwall.com/lists/oss-security/2022/11/01/8

DEBIAN

https://www.debian.org/security/2022/dsa-5272

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ/

security@xen.org

https://security.gentoo.org/glsa/202402-07

CPE URI	Source package	Min version	Max version
`cpe:2.3:o:xen:xen:-:::::::*`	xen	== None	== -

CPE URI

Source package

Min version

Max version

cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*

xen

== None

== -

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
xen	edge-main	4.17.0-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
xen	3.22-main	4.17.0-r0	None	fixed
xen	3.21-main	4.17.0-r0	None	fixed
xen	3.20-main	4.17.0-r0	None	fixed
xen	3.19-main	4.17.0-r0	None	fixed
xen	3.18-main	4.17.0-r0	None	fixed
xen	3.17-main	4.16.3-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

xen

edge-main

4.17.0-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

xen

3.22-main