CVE-2022-42330

Name
CVE-2022-42330
Description
Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://xenbits.xenproject.org/xsa/advisory-425.txt
security@xen.org https://security.gentoo.org/glsa/202402-07

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:xen:xen:4.17.0:*:*:*:*:*:x64:* xen == None == 4.17.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen edge-main 4.17.0-r5 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.17.0-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.17.0-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.17.0-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
xen edge-main 4.17.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xen edge-main 4.17.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
xen 3.22-main 4.17.0-r5 None fixed
xen 3.22-main 4.17.0-r2 None fixed
xen 3.22-main 4.17.0-r0 None possibly vulnerable
xen 3.21-main 4.17.0-r5 None fixed
xen 3.21-main 4.17.0-r2 None fixed
xen 3.21-main 4.17.0-r0 None possibly vulnerable
xen 3.20-main 4.17.0-r5 None fixed
xen 3.20-main 4.17.0-r2 None fixed
xen 3.20-main 4.17.0-r0 None possibly vulnerable
xen 3.19-main 4.17.0-r5 None fixed
xen 3.19-main 4.17.0-r2 None fixed
xen 3.19-main 4.17.0-r0 None possibly vulnerable
xen 3.18-main 4.17.0-r2 None fixed